{"id":"https://openalex.org/W2254621492","doi":"https://doi.org/10.1145/2818000.2818014","title":"Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock","display_name":"Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock","publication_year":2015,"publication_date":"2015-12-07","ids":{"openalex":"https://openalex.org/W2254621492","doi":"https://doi.org/10.1145/2818000.2818014","mag":"2254621492"},"language":"en","primary_location":{"id":"doi:10.1145/2818000.2818014","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2818000.2818014","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818014","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818014","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009788320","display_name":"Adam J. Aviv","orcid":"https://orcid.org/0000-0002-3792-2485"},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam J. Aviv","raw_affiliation_strings":["United States Naval Academy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"United States Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082148699","display_name":"Devon Budzitowski","orcid":null},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Devon Budzitowski","raw_affiliation_strings":["United States Naval Academy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"United States Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054095674","display_name":"Ravi Kuber","orcid":"https://orcid.org/0000-0003-1095-3772"},"institutions":[{"id":"https://openalex.org/I79272384","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78","country_code":"US","type":"education","lineage":["https://openalex.org/I79272384"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ravi Kuber","raw_affiliation_strings":["University of Maryland, Baltimore County"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland, Baltimore County","institution_ids":["https://openalex.org/I79272384"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":22.2634,"has_fulltext":true,"cited_by_count":70,"citation_normalized_percentile":{"value":0.99279716,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"301","last_page":"310"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9485999941825867,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8143903613090515},{"id":"https://openalex.org/keywords/grid","display_name":"Grid","score":0.5770920515060425},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.5149436593055725},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.50446617603302},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.47453153133392334},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3213004767894745},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.19938302040100098},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.12286999821662903},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.11395615339279175}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8143903613090515},{"id":"https://openalex.org/C187691185","wikidata":"https://www.wikidata.org/wiki/Q2020720","display_name":"Grid","level":2,"score":0.5770920515060425},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.5149436593055725},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.50446617603302},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.47453153133392334},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3213004767894745},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.19938302040100098},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.12286999821662903},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.11395615339279175},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/2818000.2818014","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2818000.2818014","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818014","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"},{"id":"pmh:oai:mdsoar.org:11603/19893","is_oa":true,"landing_page_url":"http://hdl.handle.net/11603/19893","pdf_url":null,"source":{"id":"https://openalex.org/S4306402556","display_name":"Maryland Shared Open Access Repository (USMAI Consortium)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"},{"id":"doi:10.13016/m2stv7-uuec","is_oa":true,"landing_page_url":"https://doi.org/10.13016/m2stv7-uuec","pdf_url":null,"source":{"id":"https://openalex.org/S4306402644","display_name":"Digital Repository at the University of Maryland (University of Maryland College Park)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I66946132","host_organization_name":"University of Maryland, College Park","host_organization_lineage":["https://openalex.org/I66946132"],"host_organization_lineage_names":[],"type":"repository"},"license":"public-domain","license_id":"https://openalex.org/licenses/public-domain","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.1145/2818000.2818014","is_oa":true,"landing_page_url":"https://doi.org/10.1145/2818000.2818014","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/2818000.2818014","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320309204","display_name":"University of Maryland, Baltimore County","ror":"https://ror.org/02qskvh78"},{"id":"https://openalex.org/F4320311089","display_name":"National Security Agency","ror":"https://ror.org/0047bvr32"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320337624","display_name":"U.S. Naval Academy","ror":"https://ror.org/00znex860"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2254621492.pdf","grobid_xml":"https://content.openalex.org/works/W2254621492.grobid-xml"},"referenced_works_count":27,"referenced_works":["https://openalex.org/W32836389","https://openalex.org/W52581179","https://openalex.org/W1485033854","https://openalex.org/W1582097881","https://openalex.org/W1626992774","https://openalex.org/W1675553526","https://openalex.org/W1988463028","https://openalex.org/W1995628302","https://openalex.org/W1996851501","https://openalex.org/W2020582876","https://openalex.org/W2028570584","https://openalex.org/W2044798763","https://openalex.org/W2048584594","https://openalex.org/W2048755632","https://openalex.org/W2054626033","https://openalex.org/W2077414235","https://openalex.org/W2077910711","https://openalex.org/W2083295738","https://openalex.org/W2096982639","https://openalex.org/W2107816859","https://openalex.org/W2111397260","https://openalex.org/W2115218409","https://openalex.org/W2121800893","https://openalex.org/W2126453598","https://openalex.org/W2149929743","https://openalex.org/W2181155974","https://openalex.org/W2191312859"],"related_works":["https://openalex.org/W143386018","https://openalex.org/W2656445685","https://openalex.org/W1004582678","https://openalex.org/W2115218409","https://openalex.org/W2090949570","https://openalex.org/W2263162522","https://openalex.org/W2134080857","https://openalex.org/W1989237518","https://openalex.org/W2002093701","https://openalex.org/W4399463150"],"abstract_inverted_index":{"Android's":[0],"graphical":[1],"authentication":[2],"mechanism":[3],"requires":[4,192],"users":[5,280],"to":[6,50,55,85,146,265,270],"unlock":[7],"their":[8],"devices":[9],"by":[10,279],"\"drawing\"":[11],"a":[12,16,23,102,118,180],"pattern":[13],"that":[14,29,93,112,160],"connects":[15],"sequence":[17,119],"of":[18,59,77,105,120,131,150,166,188,201,209,224,236,250,256,276],"contact":[19],"points":[20],"arranged":[21],"in":[22],"3x3":[24,31,96,132,170,202,225,251],"grid.":[25],"Prior":[26],"studies":[27,84],"demonstrated":[28],"human-generated":[30,78],"patterns":[32,107,127,152,167,190,216,226,238,252,277],"are":[33,128],"weak":[34],"(CCS'13);":[35],"large":[36,83],"portions":[37,187],"can":[38,173],"be":[39,49,174,262],"trivially":[40,283],"guessed":[41],"with":[42],"sufficient":[43],"training.":[44],"An":[45],"obvious":[46],"solution":[47],"would":[48],"increase":[51,56,74],"the":[52,57,67,71,75,148,151,154,162,198,207,215,267,274],"grid":[53,72,268],"size":[54,73,269],"complexity":[58],"chosen":[60,278],"patterns.":[61,133,258],"In":[62],"this":[63,87,135],"paper":[64],"we":[65,137,246,272],"ask":[66],"question:":[68],"Does":[69],"increasing":[70],"security":[76],"patterns?":[79],"We":[80,158],"conducted":[81],"two":[82],"answer":[86],"question,":[88],"and":[89,97,108,122,124,143,171,234,285],"our":[90,218],"analysis":[91],"shows":[92],"for":[94,168],"both":[95,169],"4x4":[98,126,172,189,237,257],"patterns,":[99,203],"there":[100,260],"is":[101],"high":[103],"incidence":[104],"repeated":[106],"symmetric":[109],"pairs":[110],"(patterns":[111],"derive":[113],"from":[114],"others":[115],"based":[116],"on":[117,206],"flips":[121],"rotations),":[123],"many":[125],"expanded":[129],"versions":[130],"Leveraging":[134],"information,":[136],"developed":[138],"an":[139],"advanced":[140],"guessing":[141,156,161,179,185,197,219,289],"algorithm":[142,220],"used":[144],"it":[145,204],"quantified":[147],"strength":[149],"using":[153],"partial":[155],"entropy.":[157],"find":[159],"first":[163],"20%":[164],"(G0.2)":[165],"done":[175],"as":[176,178],"efficiently":[177],"random":[181,211],"2-digit":[182],"PIN.":[183],"While":[184,259],"larger":[186],"(G0.5)":[191],"2-bits":[193],"more":[194],"entropy":[195],"than":[196],"same":[199],"ratio":[200],"remains":[205],"order":[208],"cracking":[210],"3-digit":[212],"PINs.":[213],"Of":[214],"tested,":[217],"successful":[221],"cracks":[222],"15%":[223],"within":[227,239],"20":[228,240],"guesses":[229],"(a":[230],"typical":[231],"phone":[232],"lockout)":[233],"19%":[235],"guesses;":[241],"however,":[242],"after":[243],"50,000":[244],"guesses,":[245],"correctly":[247],"guess":[248],"95.9%":[249],"but":[253],"only":[254],"66.7%":[255],"may":[261],"some":[263],"benefit":[264],"expanding":[266],"4x4,":[271],"argue":[273],"majority":[275],"will":[281],"remain":[282],"guessable":[284],"insecure":[286],"against":[287],"broad":[288],"attacks.":[290]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":9},{"year":2018,"cited_by_count":14},{"year":2017,"cited_by_count":9},{"year":2016,"cited_by_count":4}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}