Abstract

We describe three scenarios in which fallback authentication on smartphones can occur and evaluate their real-life occurrences in an online survey (n=244) and complementing interviews (n=12). The results provide first insights into frequencies, reasons, countermeasures taken and problems of lockout experiences. Overall, study participants were satisfied with current fallback schemes, but at the same time, fallback authentication was aggravated when special circumstances applied and thus, leave room for improvements. Based on this, we propose an alternative concept for fallback authentication that quizzes users about installed and not installed apps on their device. Authentication succeeds, when users identify a certain number of apps correctly. Our evaluation showed that the concept yields an overall accuracy of 95%.