Harmonized authentication based on ThumbStroke dynamics on touch screen mobile phones

The pervasive and prevalent use of touch screen mobile phones in both work and daily life has generated more and more private and sensitive information on those devices. Accordingly, there is an ever-increasing need to improve the security of mobile phones. Recent advances in mobile user authentication technologies mainly focus on entry-point authentication. Although post-log-in continuous authentication has attracted increasing attention from researchers, none of the previous studies addressed mobile user authentication at both stages simultaneously. In addition, extant authentication systems are subject to the common trade-off between security and usability. To address the above limitations, we propose Harmonized Authentication based on ThumbStroke dynamics (HATS) that supports both entry-point and post-log-in mobile user authentication. HATS integrates password, gesture, keystroke, and touch dynamics-based authentication methods to address the vulnerabilities of individual methods to certain security attacks. Moreover, HATS supports one-handed thumb stroke-based interaction with touch screen mobile phones to improve the usability of authentication systems. We empirically evaluated HATS through controlled lab experiments. The results provide strong evidence that HATS improved both security and usability of mobile user authentication compared with keystroke dynamics based user authentication. •Addresses both entry-point and post-log-in continuous user authentication on touch screen mobile phones•Simultaneously improves the security and usability of mobile authentication systems•Integrates the strengths of password, gesture, keystroke, and touch dynamics based authentication methods•The first authentication method for touch screen mobile devices that is solely based on thumb strokes•Provide insights into the relative efficacy of a wide range of classification techniques for user authentication