Open code biometric tap pad for smartphones

Abstract Poor security practices among smartphone users, such as the use of simple, easily guessed passcodes for logins, are a result of the effort required to memorize stronger ones. In this paper, we devise a concept of “open code” biometric tap pad to authenticate smartphone users, which eliminates the need of memorizing secret codes. A biometric tap pad consists of a grid of buttons each labeled with a unique digit. The user attempting to log into the phone will tap these buttons in a given sequence. He/she will not memorize this tap sequence. Instead, the sequence will be displayed on the screen. The focus here is how the user types the sequence. This typing behavior is used for authentication. An open code biometric tap pad has several advantages, such as (1) users do not need to memorize passcodes, (2) manufacturers do not need to include extra sensors, and (3) onlookers have no chance to practice shoulder-surfing. We designed three tap pads and incorporated them into an Android app. We evaluated the performance of these tap pads by experimenting with three sequence styles and five different fingers: two thumbs, two index fingers, and the “usual” finger. We collected data from 33 participants over two weeks. We tested three machine learning algorithms: Support Vector Machine, Artificial Neural Network, and Random Forest. Experimental results show significant promise of open code biometric tap pads as a solution to the problem of weak smartphone security practices used by a large segment of the population.