PassO
Background
On most touch devices, the 3X3 grid pattern unlock scheme is more common and popular than textual and numerical passwords (PINs), but such patterns are vulnerable to guessing attacks. Users tend to use only a small fraction of the theoretically available pattern space. Simple pattern shapes resembling English letters such as ‘Z’, ‘S’, ‘L’, ‘N’ and ‘M’ are quite popular among users. User-chosen patterns lack features such as longer length, knight moves, direction changes and intersections, which makes them easy for an observer to memorize.
1) We attribute these insecure practices to the complex pattern drawing rules of the 3X3 grid.
2) The 3X3 pattern drawing rules do not allow unconditional connectivity between any two nodes.
3) For instance, users cannot connect nodes 1 and 3 in the grid unless node 2 is already connected.
4) A corner node can be connected to 5 other nodes and a side node to 6; only the center node can be connected to every other node in the 3X3 grid.

Solution
As an alternative, we developed an intuitive circular grid layout called PassO for our study. Unlike the 3X3 grid layout, the circular layout allows a direct connection between any two nodes. This direct connectivity increases the theoretical space to 9,85,824 patterns, 2.5 times greater than the 3X3 grid layout (3,89,112).
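The two pattern-space figures above can be reproduced by enumeration. The following Python sketch is an added example, not code from the PassO app or its authors; it assumes row-by-row numbering of the 3X3 grid, a minimum pattern length of 4 nodes, and a circular layout with no blocking rule at all.

```python
from functools import lru_cache

# 3x3 grid numbered 1..9 row by row (so node 2 sits between 1 and 3).
# GRID_BLOCKERS[(a, b)] is the node lying on the straight segment a-b; the
# stroke a->b is legal only if that node is already part of the pattern.
GRID_BLOCKERS = {}
for a, b, mid in [(1, 3, 2), (4, 6, 5), (7, 9, 8),   # rows
                  (1, 7, 4), (2, 8, 5), (3, 9, 6),   # columns
                  (1, 9, 5), (3, 7, 5)]:             # diagonals
    GRID_BLOCKERS[(a, b)] = GRID_BLOCKERS[(b, a)] = mid

# Assumption: on the circular layout no node lies between two others,
# so there is no blocking rule.
CIRCLE_BLOCKERS = {}

MIN_LEN = 4  # assumption: minimum pattern length of 4 nodes


def can_connect(a, b, visited, blockers):
    """True if a stroke from a to b is legal given the visited-node set."""
    if b in visited:
        return False
    mid = blockers.get((a, b))
    return mid is None or mid in visited


def count_patterns(blockers, min_len=MIN_LEN, nodes=9):
    """Count every legal pattern made of min_len..nodes distinct nodes."""
    @lru_cache(maxsize=None)
    def extend(last, visited):
        # Legal continuations depend only on the last node and the visited
        # set, so each (last, visited) state is evaluated once.
        total = 1 if len(visited) >= min_len else 0
        for nxt in range(1, nodes + 1):
            if can_connect(last, nxt, visited, blockers):
                total += extend(nxt, visited | {nxt})
        return total
    return sum(extend(s, frozenset([s])) for s in range(1, nodes + 1))


if __name__ == "__main__":
    grid = count_patterns(GRID_BLOCKERS)
    circle = count_patterns(CIRCLE_BLOCKERS)
    print(f"3x3 grid: {grid}  circular: {circle}  ratio: {circle / grid:.2f}")
```
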
Lab Study
We conducted a lab experiment for collecting PassO circular patterns through an Android application on a mobile device. We compared patterns drawn by participants in normal conditions on an actual mobile device. We examined the usability of circular patterns and measured the rate of recalling patterns on an actual Android device. We also examined the impact of various factors like gender, age, handedness and lock preferences on usability experience through SUS (System Usability Scale) values.

For the lab study evaluation, we recruited 32 participants on a voluntary basis for the usability study, out of which 21 (65.6%) were male and 11 (34.4%) were female. 25 of the respondents were between 21-30 years of age and the rest were above 30 years old. Thus, our results are biased towards younger ages, but as these users constitute the early adopters of technology, we consider that our results provide considerable insight into usability parameters.
Evaluation Metrics
a) Time taken to complete the task: To compare the pattern creation and recall times of participants at different instances of the experiment.
b) Visual complexity and rate of recalling the pattern successfully: (x) We defined pattern length as the number of nodes connected, to measure pattern complexity. (y) To check the accuracy of participants in remembering and recalling the lock patterns created on the new circular PassO interface.
c) System Usability Scale: To collect data on the usability of pattern creation on the mobile platform, we captured SUS ratings for participants varying in age, gender, handedness, lock preferences and reuse of patterns.
d) Node Coverage: Analysing the distribution of starting and ending nodes in the patterns of the circular grid.

Experiment Design
Our experiment constituted a task flow with four major steps, where we asked the participants:
1) To set up the PassO app by creating a Master Pattern for unlocking the PassO app on an Android device.
2) To lock the Calculator app using the PassO applications list.
3) To open the Calculator using new pattern lock and perform three simple arithmetic problems (distraction task).
4) To remove the lock of Calculator app using PassO application by recalling and drawing the earlier pattern set for Calculator.
Analysis
Time Taken: The overall experiment includes four steps, and the average time taken by the participants to perform the whole experiment was 3 minutes and 18 seconds. The participants took an average of 6.47 seconds to create a new pattern and 5.97 seconds to recall it. This implies that the majority of participants did not face any challenge while recalling their respective patterns after the distraction task. However, participants who created a different pattern for the Calculator took more time to recall it (6.71 seconds) than to create it (5.57 seconds). A possible reason for this is the extra time consumed in recalling one pattern out of two recently drawn patterns (the PassO Main Lock and the Calculator app).
Security versus Ease of Usage: We also found that around 78% of participants used the same master pattern that they used for the PassO Main Lock to lock/unlock the Calculator application, while the rest of the participants used a new pattern. This might suggest that the participants preferred ease (of using the same pattern for multiple authentications) to security (creating different patterns).

Visual Complexity and Recall: The circular grid design allows visually complex patterns. An average of 5.56 nodes out of nine were connected in the patterns drawn by participants. The average length of circular patterns in our study is less than the average length of patterns (7.46 nodes) from our earlier web-based study [1]. This implies that in real scenarios using mobile devices, participants created shorter patterns, reducing the complexity and resulting in less secure patterns. The detailed distribution of pattern lengths, based on the number of nodes connected, is shown in Table 1. Users were comfortable using the new design, as 100% of participants were able to recall the patterns successfully without resetting their created patterns.

Node Coverage: The distribution of the percentage of patterns starting and ending at specific nodes, for both the mobile and web interfaces [1], is shown in Tables 2 and 3. Patterns from both the Android device and the web interface followed a similar trend of distribution in start and end points. The majority of the patterns from our study started from nodes 7, 8 and 9 (27.02%, 24.32% and 32.43% respectively), while the majority of them ended at nodes 3 and 4 (21.62% each). This implies that even for circular layouts, the conventional way of writing from the top left to the bottom right corner affects the start and end positions of the created patterns.
System Usability Scale: The average SUS (System Usability Scale) score for our study came out to be 80.23, which falls within the grade range of B+ (near Excellent) [9]. PassO stood out as better than an acceptable application in terms of SUS scores.

Reuse of patterns: Participants who used the same pattern for both the PassO Main Lock and the Calculator lock had higher mean SUS values than those who created different patterns. Thus, users preferring ease (of using the same pattern) to security (creating a different pattern) had a better experience with the PassO interface.
Conclusion:
We compared the complexity and node coverage of patterns with the data presented in an earlier study that used an online web-based interface for data collection. Our results show that the average length of patterns reduced by 25.47% in the mobile-based condition. We conclude that in real scenarios, participants created shorter patterns for ease of usability and recall. This also supports the fact that 100% of participants recalled their pattern successfully. In the case of start/end node distribution, both mobile-based and web-based patterns showed a similar trend. From our usability studies, we found that the majority of users preferred using a single pattern, easy to remember and recall, for multiple tasks. We also examined the effects of various factors like gender, age, handedness and lock preferences guiding the formation of patterns and usability experience through SUS values (average 80.23).
Limitations: The study was limited to a laboratory setup with n=32, and it is biased towards the early age adopters of technology (21-30 years of age). The usability evaluation is dependent on the SUS measurement tool.

Publications
1) Pass-o: A proposal to improve the security of pattern unlock scheme. Tupsamudre H, Banahatti V, Lodha S, and Vyas K. In Proceedings of the ACM on Asia Conference on Computer and Communications Security (2017)

2) PassO – New Circular Patter Lock Scheme Evaluation. Sukanya Vaddepalli, Shree Nivas, Gokul CJ, Gangadhara Sirigireddy, Vijayanand Banahatti and Sachin Lodha. 22nd International Conference on Human-Computer Interaction with Mobile Devices and Services (2020)

----------------------------------------------------
Team size: (min-max): 2
Technology: Android
My Role: Team Lead
My Contribution:  Initial idea, Brainstorming, Experiment design, Data analysis, Team coordination.
----------------------------------------------------
Acknowledgement: PassO App UI and  video created by my team member Shree Nivas.