REPORT that the passwords length was to short
















SUBMITTED TO:                                         SUBMITTED










Security of
mobile devices, computers, tablets and other devices are increasingly important
in computing environment. Now days, user communicate with their companies
through mobile phones regarding business plans, organize their work and progress
of business. Moreover, people share their personal information via internet by
their smart phones. In these cases, the security of mobile devices is very
important. I have searched two articles which gives information about security
of mobile devices.

There is need
to protect access to devices that can 
enabling ubiquitous access to sensitive information. sometimes,
authentication schemes prove cons to shoulder-sur?ng attacks, where a bystander
observes a user while authenticating. Then it becomes easy for a attacker  to get the hold of the device and tries to
authenticate and access sensitive data. Modern researches and modern  proposed schemes that are more resistant to observations.
But in most cases, attacking state of the art schemes involves observing only
one entity that is phone going to preparation for an attack.

First article
is usability and security of text passwords on mobile devices. The second one
is multimodal authentication using gaze and touch on mobile devices. These
articles explained how passwords needs to be used secure our devices from
attacks. The first article suggests the ways to ease password entry on mobile
devices. In second article, they purpose multimodal scheme using Gaze touch
pass means attackers needs screen touch and user’s eyes to find out the


In the
background, discussed about the passwords policies on traditional devices. It
has been found that the passwords length was to short and not contain more
symbols, upper case letters and numeric characters. The studies explain that
users enter password on mobile devices very slowly that may cause of errors and
influence password security. Some researches found that alternate keywords on
keyboard may increase the time of entering password. In the past studies, it is
examined that how password composition policies affect password strength and
usability on laptops. But in last few years electronics devices have
significantly changed based upon software and hardware. The devices that were
using just for calling and sending, are now using for email, web surfing,
social networking and banking. So, these devices require authentication for
secure information in any form.


In first
article, there is used two type of study to find best methods to create password
and using on mobile devices and traditional devices such as desktops, tablets,

In first
online study, users create their password according to the password policies.
Then they enter to the second step. In this step they need to do one survey which
includes some questions like their age should be above 18 years. For
verification purpose, users change their password as requirement of their email
provider and they need to verify which device they are using such as mobile
phone. Users can not procced rest of work until verification is not done.

After check, members
or users given eleven conditions. On the basis, of these conditions, users can
either proceed with portable devices or can be requested to use computers, pc. After
completion these conditions users invited to enter their recently changed
password to remember it. After finishing of two days, users got email with a
link to continue the study. Members asked to enter their secret password which
was created by them in step one. If they do not remember their password, then
they can select “forgot password” option to recover their password and get
recovery email. After use their secret password they complete this survey and
gather data related the procedure, general password behavior.

Password is
the secret key of users. There are some strategies to set the password. Here,
is some policies with different conditions-

Basic 20- no
less than 20 words in length

3class8- 8
characters must in this policy with three character classes.

words must be no less than 12 words and contain no less than three character

words should not be less than 16 characters.

It proves
that, two policies require more words such as 20,16 more accurate and secure
than policy includes 8 words.

the different
devices playing important role in creating password and re-entry password. What
devices users are used when they make new passwords and when re-enter password
later on different device. In some cases user do not want to use password later
on other devices. For example- mobile to mobile(MM), traditional to mobile(TM),
traditional to traditional(TT). Mobile to mobile means user use password on
mobile devices. Mobile to traditional identifies user use password on mobile
later can use on computer. Traditional to traditional that is used password on
computers or pc’s. . Users reported main problems of using password on mobile
phones. 52% participants make distance from using password on mobile devices.
23% users changed their password because of problems facing previously and 20%
have passwords that they particularly used on mobile devices. In spite of this,
users detailed that they both make and enter password on mobile phones on
regular basis. 82% users announced that they make more than one password on
cell phones. 37% revealed making more than three passwords on mobile phones.
75% of members report entering password on many time with some entering
password more often. However, 55% of participants using mobile devices for
banking which proves that these passwords have high values.

It was not able to explore each combination in condition matric in a
full factorial design. Here, just selected eleven conditions that esteemed most
significant to giving answers for some questions. 3class8MM, 3 class 8TT, 3 class
12MM, 3 class 12TT, 2 word 16 MM, 2 word 16TT. These three condition sets
enable to straightforwardly analyze passwords on traditional devices with those
on made on mobile devices. Basic 20 MM, 3 word 20MM together with the past MM
conditions, these enable us to examine the impacts of length and multifaceted
nature in the portable settings. In combination with 2 word 16MM and 2 word
16TT, this is enables to additionally look at the impact of changing the kind
of pattern utilize for making and entering passwords.

They concentrate on the 2 word 16 arrangement since it
was as of late prescribed for customary designs. 2word16-autotools-MM,
2word16-noticeable MM. In mix with 2word16MM and 2word16TT, these enable us to
additionally explore contrasts in watchword ease of use and security caused by
shifting info techniques. They collect 2word16 as the secret word strategy for
this examination since we speculated that, as a word-based condition, it would
generally most profitable from automatic text re entry tools.

Measuring usability- they measured a variety of observed
and perceived usability metrics for each condition.

Times to create- the time elapsed between loading the
password creation web page and submitting a password. This was estimated on the
user’s machine to ignore measuring network latency. Time more than two standard
deviation over the mean were excluded.

Creation attempts, re-entry attempts and reason for
failures-the user need to confirm password in various attempts and also should
be enter correct password during a period.

Problems facing during password entry- self announced
concurrence with the announcement that “I thought it was hard to enter the
password I made on this device on a five point likert scale.

Duplicating- during the re entry in part second, users copy
and paste password on browsers password entry field.

Number of cancellation- the quantity of characters which
user erased during the password creation process.

Secret key storage-password storing with the users itself.
For instance, recording or save it into the browser.

Estimating password strength- they utilize guessability,
what number of estimates a distinct cracking algorithm takes to guess a
password to measure the strength of secret key.

Late work advocates introduce this matric that represents
an attacker trying guesses based on desired probability as compare to some
other metrics. In this metric every secret key is allocated a figure number
explains that what number of estimates an attacker would needs to figure the guess
password. Additionally, they refers past work which includes numerous strategies
to simulates a talented attacker. There is no certification that this estimation
of quantity simulates on all attackers, in reality a attacker with more
information about how these passwords were made might have the capacity to make
better suppositions.






In the second
article, gaze touch pass: multimodal password was introduced. Participants
define four symbols according to this scheme, each can be entered either
through touch or through look. Continuous look contributions to a similar way would
than need to be isolated by a look to the front. User can enter by touching the
characters and moving the eyes. The eyes of participants are identified by the
front camera. In security terms, video recorders are used to do study of defining
gaze touch pass.

Gaze touch
pass tends to two threat models, in these two models the user is an open space
that is not under the control of attackers. The attackers know the framework of
system and knows how to give a password.

attacks- the attackers
can watch the user few times from various perspectives. The attackers
concentrate on one methodology per perception on the eyes view of client and
then concentrate on input screen. Lastly, recollect both information and
collaborate later.

Side attacks- the attackers concentrate on the
user from the point of using eyes and using touch screen. What’s more, the user
or client and attackers are sufficiently close to observe the touchscreen.
However, also far enough to lesson the effort switching focus back between the
user’s eyes and device’s display.

While gaze
touch pass demonstrates that multimodal passwords are altogether more secure
than single modal once. Iterative attackers are still conceivable and seen to
be moderately simple to perform. Future work should concentrate on expanding
protection on iterative attackers while looking after ease of use. One other
possible approach is to use random cue, it’s difficult to get observations from
multiple view. Here is likewise examine the memorability and practical password
space of gaze touch pass. What’s more, video based eye following has its known
limitations: shifting light condition, impressions of eye glasses and heavy
make up can influence the quality of eye tracking. For this reason, just
selected straight forward eye motions that can be vigorously identified by
frontal cameras. It may utilization of better eye following hardware can
empower a more extensive scope of eye developments which are identified. Future
systems can utilize different sorts of eye developments. For instance, the
smooth pursuits eye movement has gained concentrate in past in enabling
calibration free gaze based interaction.

Usability study-
the goal of this study to dissect the usability of gaze touch pass and to
gather video recording of look and touch contribution of the resulting security
consider. In a repeated measure analyze, every user performed 16
authentications using randomly created secret keys. They enrolled 13 users between
the age of 21 and 35 years. They logged all logins and recorded the users
utilizing three hd cameras. Every user played out a preparation run for each
condition to get to know framework. This study assessed the usability based on
input speed and error rate.






There was
done comparison of password usability either using on mobile devices or on
computers. There was also discussed some policies to set password. It was found
that, password using on mobile is the cause of less usability. This study also
describes that passwords using on mobile phones are weaker in front of strong

Moreover, on
the basis of study, there are some policies used for traditional devices.

With many
mobile users system where security is important use 2word 16 policy.

Suppose visible
password creation or give permission to participants that they can have options
to visible password through creation time where shoulder surfing attacks are
not common in systems.

For avoiding
user’s frustration, disable text entry tool. Secondly, Gaze touch pass is more
secure than other single systems specially against side attackers because of
having rapidly focus on phones and eyes. In the end, found that multimodal is
enhancing the security level of systems.






I'm Mack!

Would you like to get a custom essay? How about receiving a customized one?

Check it out