{"id":"https://openalex.org/W3204765815","doi":"https://doi.org/10.1145/3473040","title":"On the Security of Smartphone Unlock PINs","display_name":"On the Security of Smartphone Unlock PINs","publication_year":2021,"publication_date":"2021-09-30","ids":{"openalex":"https://openalex.org/W3204765815","doi":"https://doi.org/10.1145/3473040","mag":"3204765815"},"language":"en","primary_location":{"id":"doi:10.1145/3473040","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3473040","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3473040","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3473040","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5065482265","display_name":"Philipp Markert","orcid":"https://orcid.org/0000-0002-9232-4496"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Philipp Markert","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024197927","display_name":"Daniel V. Bailey","orcid":"https://orcid.org/0009-0002-4749-6448"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel V. Bailey","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069307193","display_name":"Maximilian Golla","orcid":"https://orcid.org/0000-0003-2204-2132"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Maximilian Golla","raw_affiliation_strings":["Max Planck Institute for Security and Privacy, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110236021","display_name":"Markus D\u00fcrmuth","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Markus D\u00fcrmuth","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5009788320","display_name":"Adam J. Aviv","orcid":"https://orcid.org/0000-0002-3792-2485"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam J. Aviv","raw_affiliation_strings":["The George Washington University, Washington, District of Columbia, USA"],"affiliations":[{"raw_affiliation_string":"The George Washington University, Washington, District of Columbia, USA","institution_ids":["https://openalex.org/I193531525"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5065482265"],"corresponding_institution_ids":["https://openalex.org/I904495901"],"apc_list":null,"apc_paid":null,"fwci":7.111,"has_fulltext":true,"cited_by_count":32,"citation_normalized_percentile":{"value":0.97052988,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"24","issue":"4","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.992900013923645,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9884999990463257,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/numerical-digit","display_name":"Numerical digit","score":0.8612000942230225},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5740270614624023},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45887935161590576},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.44436249136924744},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4334326684474945},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.4238578677177429},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.25938132405281067},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.1472824513912201}],"concepts":[{"id":"https://openalex.org/C94957134","wikidata":"https://www.wikidata.org/wiki/Q82990","display_name":"Numerical digit","level":2,"score":0.8612000942230225},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5740270614624023},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45887935161590576},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.44436249136924744},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4334326684474945},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.4238578677177429},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.25938132405281067},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.1472824513912201},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3473040","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3473040","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3473040","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3473040","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3473040","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3473040","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G3702002941","display_name":null,"funder_award_id":"EXC 2092 CASA 390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G4038457429","display_name":null,"funder_award_id":"1845300","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5106512922","display_name":null,"funder_award_id":"Deutsche Forschungsgemeinschaft (DFG","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G5717916917","display_name":null,"funder_award_id":"39078197","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3204765815.pdf","grobid_xml":"https://content.openalex.org/works/W3204765815.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W1980235022","https://openalex.org/W2039031286","https://openalex.org/W2040467972","https://openalex.org/W2048755632","https://openalex.org/W2054626033","https://openalex.org/W2077816420","https://openalex.org/W2139179587","https://openalex.org/W2155873597","https://openalex.org/W2254621492","https://openalex.org/W2290073962","https://openalex.org/W2574685397","https://openalex.org/W2598853221","https://openalex.org/W2610414453","https://openalex.org/W2752354562","https://openalex.org/W2752830978","https://openalex.org/W2756320651","https://openalex.org/W2890714010","https://openalex.org/W2891820333","https://openalex.org/W2942451627","https://openalex.org/W2962680746","https://openalex.org/W3097523736","https://openalex.org/W3106195390","https://openalex.org/W3112329255","https://openalex.org/W3158365608","https://openalex.org/W4238709738","https://openalex.org/W4300562507","https://openalex.org/W6754995801","https://openalex.org/W6894483945"],"related_works":["https://openalex.org/W2090853787","https://openalex.org/W4249399111","https://openalex.org/W2885872742","https://openalex.org/W1986595213","https://openalex.org/W3138640319","https://openalex.org/W2256844184","https://openalex.org/W4236166423","https://openalex.org/W1489205002","https://openalex.org/W2027670468","https://openalex.org/W2171912977"],"abstract_inverted_index":{"In":[0,123,190],"this":[1],"article,":[2],"we":[3,126,157,194,236],"provide":[4,252],"the":[5,43,70,151,160,185,191,208,213,229,246,253,264],"first":[6],"comprehensive":[7],"study":[8,69],"of":[9,51,72,77],"user-chosen":[10],"four-":[11],"and":[12,61,111,144,258,260],"six-digit":[13,48,192,262],"PINs":[14,49,53,81,241,250,263,268],"(":[15],"n":[16],"=1705)":[17],"collected":[18],"on":[19,233],"smartphones":[20],"with":[21,114,203,212],"participants":[22],"being":[23],"explicitly":[24],"primed":[25],"for":[26,95,119,239,261],"device":[27],"unlocking.":[28],"We":[29,67,107],"find":[30,158],"that":[31,148,159,221,238],"against":[32,174],"a":[33,75,128,136,145,175,199,204,219,242],"throttled":[34,176],"attacker":[35],"(with":[36],"10,":[37],"30,":[38],"or":[39],"100":[40],"guesses,":[41],"matching":[42],"smartphone":[44],"unlock":[45],"setting),":[46],"using":[47],"instead":[50],"four-digit":[52,155,240],"provides":[54],"little":[55,170],"to":[56,79,171,197,251],"no":[57,172],"increase":[58],"in":[59,90,164],"security":[60,201,259],"surprisingly":[62],"may":[63],"even":[64],"decrease":[65],"security.":[66,231],"also":[68],"effects":[71],"blocklists,":[73,117],"where":[74],"set":[76],"\u201ceasy":[78],"guess\u201d":[80],"is":[82,187,222],"disallowed":[83],"during":[84],"selection.":[85],"Two":[86],"such":[87],"blocklists":[88,110,214],"are":[89,181],"use":[91,165],"today":[92,166],"by":[93,167],"iOS,":[94],"four":[96],"digits":[97,104],"(274":[98],"PINs)":[99],"as":[100,102,223,225],"well":[101],"six":[103,115],"(2,910":[105],"PINs).":[106],"extracted":[108],"both":[109],"compared":[112],"them":[113],"other":[116],"three":[118],"each":[120,124],"PIN":[121],"length.":[122],"case,":[125,193],"had":[127],"small":[129,162,224],"(four-digit:":[130,138],"27":[131],"PINs;":[132,140],"six-digit:":[133,141],"29":[134],"PINs),":[135,143],"large":[137],"2,740":[139],"291,000":[142],"placebo":[146],"blocklist":[147,163,186,220,243],"always":[149],"excluded":[150],"first-choice":[152],"PIN.":[153],"For":[154],"PINs,":[156],"relatively":[161],"iOS":[168],"offers":[169],"benefit":[173],"guessing":[177],"attack.":[178],"Security":[179],"gains":[180],"only":[182],"observed":[183],"when":[184],"much":[188],"larger.":[189],"were":[195],"able":[196],"reach":[198],"similar":[200],"level":[202],"smaller":[205],"blocklist.":[206],"As":[207],"user":[209],"frustration":[210],"increases":[211],"size,":[215],"developers":[216],"should":[217,244,269],"employ":[218],"possible":[226],"while":[227],"ensuring":[228],"desired":[230],"Based":[232],"our":[234],"analysis,":[235],"recommend":[237],"contain":[245],"1,000":[247],"most":[248,266],"popular":[249,267],"best":[254],"balance":[255],"between":[256],"usability":[257],"2,000":[265],"be":[270],"blocked.":[271]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":15},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":4}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}