By Kristen Mitchell
Most savvy tech users know they should be using strong passwords to protect their online accounts and update them if they become compromised—but have you ever changed the PIN to unlock your phone?
Whether you have or you have not, Adam Aviv, an associate professor in the George Washington University School of Engineering and Applied Science, wants to understand why. Dr. Aviv is a cybersecurity expert who plans to spend the next five years digging into the decisions people make about how to secure their mobile devices.
“We have certain ideas about passwords that aren’t the same when we think about our mobile phones, and yet access to our mobile phone probably gives us access to a bunch of stuff that we probably want to protect,” he said. “It’s really about thinking more deeply about how people choose these authentication, how people use them over time.”
Dr. Aviv, who joined the Department of Computer Science over the summer, received a five-year National Science Foundation CAREER award for his project titled “Enhancing Mobile Authentication by Measuring the Authentication Life-Cycle.” He will use the nearly $700,000 award to study how users authenticate on their mobile devices— such as using a PIN of a pattern to unlock their smartphones. He’s interested in learning more about how user behaviors impact device security and privacy.
The project will also focus on lifecycle events, such as when a user upgrades their phone. This is seen as a potential intervention point from a security perspective. He aims to better understand how users authenticate on their devices over periods of time and how authentication is affected when users encounter new security features or advice.
For example, in 2015 operating system upgrades for the iPhone allowed users to change from a four to a six digit PIN. The six digit PIN is more secure because it is harder to guess. Dr. Aviv would be interested in understanding why users either opted to continue using a four digit pin or if they upgraded to the six digit PIN, and why.
“If you understand the decision-making process, then you can inject yourself into it through design and through better layouts or better-informed systems where people can naturally make better, more secure choices,” he said. “This makes it harder for someone to gain access to your device.”
Smartphones have changed the way people interact with computers, Dr. Aviv said, and for many users around the world, mobile devices are the only internet-connected device they own. Creating and implementing best practices for mobile device security is a priority in the digital world.
Dr. Aviv became interested in authentication when the first generation of modern smartphones hit the market. A graduate student at the University of Pennsylvania at the time, he noticed distinctive smudge patterns on the screens of Android phones that used unlock patterns for authentication. This poses a security challenge because it makes it easier for a non-authorized user to guess the correct pattern.
There are only a handful of institutions across the country researching this issue. Dr. Aviv plans to build a lab at GW focused on authentication security and is actively looking to bring in doctoral students. Graduate and undergraduate students interested in his research are also encouraged to contact him for available opportunities.