Our research broadly examines issues related to the usability, security and privacy for mobile device authentication. More specifically, we examine the ways in which current authentication mechanisms are used, analyze the passcodes that are selected, investigate attitudes related to security and privacy among different user groups, and investigate shoulder-surfing vulnerability in order to establish baseline measurements. Our research also examines the feasibility of technologies to resist observer and guessing attacks. Guidance developed from our studies aims to support mobile device users when authenticating, and aid interface designers when developing unlock mechanisms. The research is a collaborative effort between George Washington University and UMBC. Our research has been funded through the Office of Naval Research.


Impact of Grid Size for Unlock Mechanisms on Mobile Devices
Mobile devices on the Android OS can be unlocked by “drawing” a pattern that connects a sequence of contact points arranged in a 3x3 grid. However, patterns selected for small grids are known to be guessable. We investigated whether increasing the grid size increases the security of human-generated patterns. Our findings suggest both yes and no.
stroke based graphical pattern Stroke based graphical pattern
Publications: ACSAC 2015, SOUPS 2015 Poster, IEEE Internet Computing 2017
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Devon Budzitowski (USNA), Flynn Wolf (UMBC)
H4Plock – A gestural and tactile solution to support mobile authentication
H4Plock aims to support authentication and better resist observer attacks. In order to authenticate, the user enters up to four pre-selected on-screen free-form gestures, informed by tactile prompts. The system has been designed in such a way that the sequence of gestures will vary on each authentication attempt, reducing the capability of a shoulder surfer to recreate entry.
H4Plock Steps to authenticate using H4Plock
Publications: SOUPS 2015 Poster, iConference 2016
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Abdullah Ali (UMBC)
Brain Computer Interfaces for Authentication
Our research has examined the feasibility of Brain–Computer Interface (BCI) and gestural technologies to support the process of authentication. Unlike other input modalities, tokens detected using a BCI headset (e.g., “push,” “lift,” “excitement”), can overcome some of the security vulnerabilities associated with PIN authentication (e.g., observations from third parties). A study was conducted to compare performance against 4 digit PINs. The work was then extended to identify the benefits of these technologies for individuals who are blind.
emotiv epoc Emotiv Epoc used for study
Publications: IJHCI 2017, ASSETS 2017
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Charles Lechner (UMBC), Sidas Saulynas (UMBC)
Supporting Non-Observable/Eyes-Free Authentication
When faced with the threat of observational attacks, mobile device users may attempt to mask the graphical interface to authenticate entry, to reduce the likelihood of third parties viewing and recreating the authentication sequence. A study was conducted examining the efficacy of authenticating entry using both PINs and graphical patterns when the mobile interface is outside of the line of sight of third parties and the user (termed: non-observable). A tactile aid to support assistive spatialization was also evaluated. A classification process has been conducted on gesture traces to identify strategies taken for unlocking and using tactile feedback.
outside line of sight Using interface while outside line of sight
Publications: SOUPS 2016 Poster, USEC 2016, ASSETS 2017, JISA 2018, USEC WIP 2018
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Flynn Wolf (UMBC), KC Marume (UMBC)
Developing Baseline Measurements for Shoulder Surfing Analysis
A comprehensive study of shoulder surfing was conducted based on video recordings of a victim authenticating, to better understand how attacks can be affected by different factors. Authentication type and length, observation angle, phone size and method of interaction were varied. Findings which can both help inform users to improve their security choices, as well as establish baselines for researchers.
focused view Focused view shown to participants
Publications: ACSAC 2017, CHI 2017, ACSAC 2018
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: John Davin (USNA), Flynn Wolf (UMBC), KC Marume (UMBC)
Understanding User Selections of Passcodes
Studies have been undertaken to analyze the impact of collection methods and demographics, and examine the impact of alphabet and culture on graphical passcodes.
Publications: SOUPS 2016 Poster, SOUPS 2016 Workshop, USEC 2016
Faculty: Adam J Aviv (USNA)
Students: Justin Maguire (USNA), Jeanne Luning Prak
Attitudes Towards Security and Privacy
Empirical investigations have been undertaken to examine the difficulties balancing security and usability for mobile interactions. Our work has specifically examined the needs of security-conscious users, whose attitudes and usage behaviors differ to those with lower levels of security training/exposure, and examined adoption of technologies such as biometrics. Our research has also examined the ways in which user attitudes towards privacy and security relating to mobile devices and the data stored thereon may impact the strength of unlock authentication, focusing on Android’s graphical unlock patterns.
Publications: SOUPS 2016 Workshop, BIT 2018, CHI 2018, USEC 2018, CHI 2019a, CHI 2019b
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Flynn Wolf (UMBC)


Papers and Extended Abstracts 2020-2021 2019 2018
2015 - 2016


Project: Supporting Non-Observable/Eyes-Free Authentication
Classification of on-screen gestures in non-observable conditions
Impact of tactile cues on non-observable authentication
Classification of on-screen gestures in non-observable conditions
Related Publications: SOUPS 2016 Poster, ASSETS 2017, USEC 2018
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Flynn Wolf (UMBC), KC Marume (UMBC)

Project: Attitudes Towards Security and Privacy
Adoption of biometrics
Related Publications: SOUPS 2016 Workshop, BIT 2018, CHI 2018, USEC 2018, CHI 2019a
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Flynn Wolf (UMBC)


adam aviv
Dr. Adam J. Aviv
Associate Professor
George Washington University
E: aaviv@gwu.edu
W: https://www.adamaviv.com
Research interests are primarily in the area of computer and network security/cybersecurity, privacy, usable security of smartphone and tablets, and mobile authentication.
ravi kuber
Dr. Ravi Kuber
Associate Professor
E: rkuber@umbc.edu
W: www.umbc.edu/~rkuber
Areas of interest include HCI and accessibility. More specifically, examining ways to support authentication when the visual channel is blocked, restricted or overloaded.
flynn wolf
Flynn Wolf
Ph.D. Student
E: flynn.wolf@umbc.edu
Research interests include examining challenges associated with authentication, designing for eyes-free interactions and for heightening situational awareness.
hirak ray
Hirak Ray
Ph.D. Student
E: hirakr1@umbc.edu
Research interests include examining perceptions of privacy and security among different user groups.


  • Devon Budzitowski (USNA)
  • John Davin (USNA, Trident Scholar)
  • Justin Maguire (USNA)
  • Charles Lechner (UMBC)
  • Chukwuemeka (KC) Marume (UMBC)
  • Jeff Romanowski (UMBC)
  • Ali Abdolrahmani (UMBC)
  • Abdullah Ali (UMBC)
  • Sidas Saulynas (UMBC)
ONR High School SEAP Interns
  • Jeanne Luning Prak
  • Courtney Tse

Contact Us

For further inquiries or for students interested in conducting independent studies/theses in areas related to usable security, please contact aaviv@gwu.edu or rkuber@umbc.edu.

If funded positions are available for applicants, these will be advertised here.