Evaluating the effect of multi-touch behaviours on Android unlock patterns

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journalpeer-review

16 Scopus Citations
View graph of relations


  • Weizhi Meng

Related Research Unit(s)


Original languageEnglish
Pages (from-to)277-287
Journal / PublicationInformation and Computer Security
Issue number3
Publication statusPublished - 2016


Purpose – This paper aims to evaluate the effect of multi-touch behaviours on creating Android unlock patterns (AUPs) by realising that users can perform more actions in touch-enabled mobile phones.
Design/methodology/approach – The author conducted two user studies with a total of 45 participates and performed two major experiments in the main user study.
Findings – The user study indicates that the multi-touch behaviours can have a positive impact on creating patterns; however, there are only nine touchable points for the original AUPs, which may reduce the usability when performing a multi-touch movement.
Research limitations/implications – An even larger user study could be conducted to further analyse the patterns generated by users, that is, to analyse the specific password space by integrating the behaviours of multi-touch and to involve more types of multi-touch behaviours in creating an AUP. 
Practical implications – This work explores the effect of multi-touch movement on creating AUPs. The results should be of interest for software developers and security researchers for exploring the effect of multi-touch behaviours on the creation of graphical passwords on mobile phones. 
Originality/value – The author conducts two user studies with a total of 45 participants to investigate the impact of multi-touch behaviours on creating AUPs. In addition, to address the issue of usability, the author proposes two ways: increasing the number of touchable points and improve the rules of pattern creation.

Research Area(s)

  • Graphical password, Android unlock patterns, Mobile security, User authentication