Knock, Knock. Who's there? On the security of LG's knock codes

Raina Samuel, Adam J. Aviv, Philipp Markert, Iulian Neamtiu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Knock Codes are a knowledge-based unlock authentication scheme used on LG smartphones where a user enters a code by tapping or “knocking” a sequence on a 2x2 grid. While a lesser-used authentication method, as compared to PINs or Android patterns, there is likely a large number of Knock Code users; we estimate, 700,000-2,500,000 in the US alone. In this paper, we studied Knock Codes security asking participants in an online study to select codes on mobile devices in three settings: a control treatment, a blocklist treatment, and a treatment with a larger, 2x3 grid. We find that Knock Codes are significantly weaker than other deployed authentication, e.g., PINs or Android patterns. In a simulated attacker setting, 2x3 grids offered no additional security. Blocklisting, on the other hand, was more beneficial, making Knock Codes' security similar to Android patterns. Participants expressed positive perceptions of Knock Codes, yet usability was challenged. SUS values were “marginal” or “ok” across treatments. Based on these findings, we recommend deploying blocklists for selecting a Knock Code because they improve security but have a limited impact on usability perceptions.

Original languageEnglish (US)
Title of host publicationProceedings of the 16th Symposium on Usable Privacy and Security, SOUPS 2020
PublisherUSENIX Association
Pages37-60
Number of pages24
ISBN (Electronic)9781939133168
StatePublished - 2020
Event16th Symposium on Usable Privacy and Security, SOUPS 2020 - Virtual, Online
Duration: Aug 10 2020Aug 11 2020

Publication series

NameProceedings of the 16th Symposium on Usable Privacy and Security, SOUPS 2020

Conference

Conference16th Symposium on Usable Privacy and Security, SOUPS 2020
CityVirtual, Online
Period8/10/208/11/20

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Knock, Knock. Who's there? On the security of LG's knock codes'. Together they form a unique fingerprint.

Cite this