Mobile devices have become an essential part of human life, and their increasing use has given rise to a number of innovative applications (e.g. finance managers). As far as we know, no prior work has examined the password practices of mobile apps. We therefore focus on the password implementation of mobile apps with the primary objective of assessing their authentication practices. Specifically, we analyze 50 leading mobile apps from 10 different categories of innovative mobile applications, dividing them into 2 groups based on the sensitivity of the information they hold. Our work can be considered a follow-up to the study by Bonneau and Preibusch evaluating the password practices of leading websites, which was published at WEIS 2010. We address the following four research questions: (a) How does the user experience vary from app to app? (b) How do the password policies of mobile apps compare with those of websites? (c) Is the sensitive group of apps designed with stronger security policies than the non-sensitive group? and (d) What security weaknesses exist in the password implementation of mobile apps? Finally, we propose design recommendations to increase the overall security of password-protected accounts.