SecureLock, an authentication mechanism for Android-based devices, is proposed and compared with existing solutions in this paper. It is a replacement for the Android lock screen and provides four methods of authentication: PIN, password, near-field communication (with appropriate hardware), and gesture puzzles, a knowledge-based authentication method. SecureLock is compared with other Android tools, in terms of user perceptions.
Usability is also considered: how many “things” does the user have to remember? Can the graphical knowledge algorithm proposed by SecureLock help security? Is graphical knowledge better than using a virtual keyboard? The authors highlight that passwords are usually weak, because the combination of capital letters and numbers may be cumbersome on some devices.
The problem is worthy of attention. The security of mobile devices is important, now that they are used so much more often for sharing personal information. SecureLock can better protect the identity of a person by avoiding certain types of attacks; however, it does not necessarily elevate trust for already-authenticated users. SecureLock considers the user session immutable up to a new screen lock (as the implementation section suggests). Therefore, a way to continuously identify the user for applications that manage high-profile private data would be a major benefit of the application.