User:Hiiisparks/sandbox

Kyle Hanagami Draft
Kyle Hanagami is an American dancer, choreographer, YouTuber, and creative director. He has choreographed for stars like Jennifer Lopez, BTS, Blackpink, and CNCO and has worked on shows Dancing With the Stars and World of Dance.

Early Years
Hanagami was first introduced to dance during his freshman year at the University of California, Berkeley, where he majored in Psychology and Economics.

He began uploading dance videos on YouTube a year later.

Hand Geometry Draft
Hand geometry is a biometric that identifies users from the shape of their hands. Hand geometry readers measure a user's hand along many dimensions including height, width, deviation, and angle and compare those measurements to measurements stored in a file.

History
Viable hand geometry devices have been manufactured since the early 1970s, making hand geometry the first biometric to find widespread computerized use. Robert Miller realized the distinctive features of hand sizes and shapes could be used for identification and patented the first automated hand geometry device at the Stanford Research Institute in 1971. The device would measure the hand, and the measurements needed to match the punched holes of a user ID card to activate the circuit and identify the user. David Sidlauskas was also a major player in hand geometry device production, and he patented Handkey ID3D, the first hand scanner that worked in 3D, which involved an optical measuring plate, camera, and numeric keypad to enter a personal PIN.

Process
This biometric system is composed of four steps: the sensor, feature extraction, matching, and the authentication decision.

Sensor
The first step is to obtain the biometric template, a unique set of criteria describing a physical feature or behavior of a person. This is done using

As an add-on
Hand geometry is not thought to be as unique as fingerprints, palm veins or irises. Fingerprinting and iris recognition remain the preferred technology for high-security applications. In large populations, hand geometry is not suitable for so-called one-to-many applications, in which a user is identified from his biometric without any other identification. However, hand geometry is very reliable when combined with other forms of identification, such as identification cards or personal identification numbers. Methods have also been proposed to combine hand geometry with palm print-based verification for better accuracy and performance.

Commercial use
A hand-geometry system, Identimat, was used at Shearson Hamil on Wall Street to track attendance, marking the beginning of biometric technology usage. Based on Robert Miller's patent, Identimat utilized light sensing cells to measure finger length and a magnetic strip card reader to verify identification cards and compared the information given to determine the authorization of the person. Although production ceased in 1987, the idea remains popular; common applications include access control and time-and-attendance operations.

Advantages
Although hand geometry is not considered to be the most secure compared to other biometric points, there are some advantages to this method. These include:


 * Medium cost
 * Fast results due to low-computational cost algorithms
 * Reduced template size so takes up less storage
 * Easy to use

Information Privacy:

For the Information Privacy Wikipedia article, I noticed that there was a section called "Authorities by country." There were 12 bullet points with links to the various countries’ or continents’ (Europe) Wikipedia page on their individual office for information privacy, but there still are countries missing. This means that there are unrepresented places around the world, especially those that are more rural. Culture also may have an effect on their information privacy policies so it would be good to see the difference in the policies in more places. I also noticed that it only listed 7 information types with their own respective paragraphs. It would be nice to look into adding more information types or break some of them down into categories. I think that the article is mostly updated, but I think adding the recent privacy concerns over WhatsApp and TikTok in the United States in the Internet Privacy in the United States section would help keep the article very relevant to what is happening now. I also think that the article is very neutral as I do not see any value statements. In terms of the citations, out of the 4 links that I tried, one of them did not exist anymore, two were peer-reviewed articles from reliable journals, and one was a “popular media” article. This particular article referenced a study from Princeton that wasn’t peer-reviewed yet and included facts from that study. However, there are still about 121 total citations, with many diverse authors and topics. Regarding the talk page, there was an interesting discussion with different opinions whether to remove the case studies or not. It was nice to see the replies in a very civil discussion. There was also one interesting editor on the talk page who was very angry and voiced his frustration (in all caps) about professional workplaces looking at a potential employee’s social media. For the ranking, it is a B-class article and is also a Wikiproject internet article.

Celebrity Privacy:

Something that stood out to me was the section dedicated to celebrity children. Although I think this is a very good topic to emphasize, I think it was a bit distracting to me since a lot of the article was based on the children of celebrities, not the actual celebrities themselves. I would recommend also branching out to other immediate family members in general and not just focusing on the impacts on the children. It would help people who are looking for the impacts of celebrity fame on the privacy of the whole family. The article can also be expanded by including the celebrity privacy laws of other places in the world. Currently, there are only 5 sections for the United States, United Kingdom, France, New Zealand, and Spain. This means that there are many unrepresented places and creates a content gap for people who may be looking for the laws of different countries around the world. Another part that can be improved would be to add a section on how social media and globalization have positively and negatively affected celebrities and their specific privacy needs. This could help the article become more relevant to what is happening in the world right now. I think there isn’t an obvious bias, but I think there is a slight negative feeling with the provided negative examples and descriptions, but it might be hard to avoid in order to discuss the issues celebrities face with their privacy. In terms of the citations, out of the five links I looked at, all of them worked. Four of them were peer-reviewed articles and one was a popular media article based on personal experience and was biased. There were only 24 total articles, so it can use more citations to improve the diversity of the sources. For the ranking, it is classified as C-class, low-importance, and a WikiProject Media article. This means that there can be a lot of additions and edits to improve and decrease the content gaps.

Smudge Attack Article
For the smudge attack Wikipedia article, I plan on expanding the article and adding a lot more to it. Although I do not know much about the topic quite yet, I hope that I can add sections to better inform readers and keep them aware of this type of attack. More specifically, I want to add sections on the process of collecting fingerprints and smudges and the technology behind it, as well as how the smudge attacks are different with smartphones, ATMs, and other things that use touch screen systems. I think structuring it in that way will help readers easily find the ways to protect themselves when using their phones or ATMs and better understand the process from the attacker's side.

I think I might structure it like this:

Android Locking Attacks:

- process of attack

- drawbacks/weaknesses

Biometric Attacks:

- Physical - fingerprints

- Behavioral

Solutions:

- Android PINs: Bend Passwords as a complement

- Biometrics: physical and behavioral: examples- keystroke,

- Combination: enhancing security by implementing PINs and passwords with biometrics- dual authentication?

Related topics:

- biometrics, biometric points, keystroke dynamics, and lock screen.

Draft for Smudge Attacks
A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania were the first to investigate this type of attack in 2010. An attack occurs when an unauthorized user is in possession of or is near the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to figure out the pattern or code to access the device and its contents. They use simple cameras and lights and sometimes fingerprint powder and image processing software to capture the fingerprint deposits created from the taps or swipes from previous logins of the authorized user. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.

Smudge attacks are particularly successful when performed on devices that use personal identification numbers (PINs), text-based passwords, and pattern-based passwords. There are various proposed countermeasures to mitigate attacks, such as biometrics, TinyLock, and SmudgeSafe, which are different authentication schemes. Many of the authentication methods provide ways to either cover up the smudges using a stroking method or implement randomized changes so previous login smudges do not match with what the current input area is.

History
The smudge attack method against smartphone touch screens was first investigated by a team of University of Pennsylvania researchers and reported at the 4th USENIX Workshop on Offensive Technologies. This team classified the attack as a physical side-channel attack where the side-channel is launched from the interactions between a finger and the touchscreen. The research was widely covered in the technical press, including reports on PC Pro, ZDNet, and Engadget. The researchers used the smudges left behind on two Android smartphones that used Android pattern lock and were able to break the password fully 68% of the time and partially 92% of the time under proper conditions.

Once the threat was recognized, Whisper Systems introduced an app in 2011 to mitigate the risk. The app worked for both pattern locks and PIN authentications. The system lined up the numbers vertically for PIN verification and required the user to swipe downward over the entered PIN before the home screen could be accessed. For pattern lock, the app presented a 10 x 10 grid of stars that the user had to swipe over to highlight. Completing these tasks for both methods covers up the smudges created during the authentication process.

In July 2016, BlackBerry released the DTEK50 smartphone that was pitched as having an oleophobic coating, which resists oil to keep the touchscreen free of fingerprints. The oleophobic screen works by beading up any oil residuals, preventing them from sticking to the surface and making it easy to wipe them off without smearing.

Dangers
Interpreting the smudges on the screen is a relatively easy task for attackers, and the ramifications of an attack can negatively affect the victim. Smudge attacks can be performed not only on mobile phones but also on any touchscreen device such as ATMs, home locking devices, DRE voting machines, and PIN entry systems in convenience stores. Those who use touchscreen devices or machines that contain or store personal information are at risk of data breaches. The human tendency to want minimal and easy-to-remember PINs and patterns also leads to weak passwords, and passwords from weak password subspaces increase the ease with which attackers can decode the smudges.

Smudge attacks are particularly dangerous since fingerprint smudges can be hard to remove from touch screens, and the persistence of these fingerprints increases the threat of an attack. The attack does not depend on finding perfect smudge prints, and it is still possible for attackers to figure out the password even after cleaning the screen with clothing or with overlapping fingerprints. Cha et al. in their paper, "Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks," tested an attack method called smug that combined smudge attacks and pure guessing attacks. They found that even after asking the users to use the Facebook app after unlocking, 31.94% of the phones were cracked.

Another danger of smudge attacks is that the basic equipment needed to perform this attack, a camera and lights, is easily obtainable. Fingerprint kits are also an additional, but not required, piece of equipment that is accessible, ranging from $30-$200. These kits increase the ease with which an attacker can successfully break into a phone in possession.

Types of attackers
The team at the University of Pennsylvania identified and considered two types of attackers: passive and active.

Active
An active attacker is someone who has the device in hand and is in control of the lighting setup and angles. These attackers can alter the touchscreen in a way to better identify the PIN or pattern code by cleaning or using fingerprint powder. A typical setup from an active attacker could include a mounted camera, the phone placed on a surface, and a single light source. Slight variations in the setup include the type and size of the light source and the distance between the camera and the phone. A more experienced attacker would pay closer attention to the angle of the light and camera, the lighting source, and the type of camera and lens used to get the best picture, taking into account the shadows and highlights when the light reflects.

Passive
A passive attacker is an observer who does not have the device in hand and instead has to perform an eavesdropping-type attack. This means they will wait for the right opportunity to collect the fingerprint images until they can get in possession of the gadget. The passive attacker does not have control of the lighting source, the angle, the position of the phone, and the condition of the touchscreen. These are dependent on the authorized user and their location. Even though passive attackers do have control of their own camera and the angle from the user, they still have to rely on the user to get a good quality picture to crack the security code later on.

Methods and techniques
There are different steps and techniques that attackers use to isolate the fingerprint smudges to determine the lock pattern or PIN. The attacker first has to identify the exact touch screen area, any relevant smudges within that area, and any possible combination or pattern segments.

Preprocessing
In cases where the fingerprints are not clearly visible to the eye, preprocessing is used to identify the most intact fingerprints, determined by the number of ridge details they have. Selecting the fingerprints with the most ridge details is important to differentiate between the user's fingerprints and those of the people with whom the device is shared. When a finger is pressed down on the touch screen surface to create a fingerprint, the liquid from the edges of the ridges fills in the contact region. This fingerprint liquid is made up of substances from the epidermis, the secretory glands, and extrinsic contaminants such as dirt or outside skin products. As the fingertip is lifted, the liquid also retracts, leaving behind the leftover traces. Attackers are able to use fingerprint powder to dust over these oil smudges to unveil the visible fingerprint and its ridges. The powder can enhance the diffuse reflection, which reflects from rough surfaces and makes the dusted smudge more visible to the human eye. There are different powders to choose from based on the colors that best contrast with the touchscreen and the environment. Examples of powders are aluminum, bronze, cupric oxide, iron, titanium dioxide, graphite, magnetic, and fluorescent powder. This dusting action also mimics the processes used in a crime scene investigation.

Preserving fingerprints
The preserving fingerprints process uses a camera to take multiple pictures of the fingerprint images or the keypad with different light variations. Generally, high-resolution cameras and bright lights work the best for smudge attacks. It is important to use the right techniques when taking pictures in order to limit any reflections and capture only the clear fingerprints.

Visibility of objects
The visibility of the fingerprint relies on the light source, the reflection, and shadows. The touch screen and surface of a smart device can have different reflections that change how someone views the image of the fingerprint.


 * Diffuse Reflection: Incident rays that are reflected at many angles and produced from rough surfaces. Diffuse reflection of light reflects the image of the fingerprint that the human eye can see. The powder used in preprocessing and strong light enhance the diffuse reflection for a clearer photo.


 * Specular Reflection: Incident rays are reflected at one angle and produced from smooth surfaces. Specular reflection of light reflects a "virtual" image (since it doesn't produce light) that seems to come from behind the surface. An example of this is a mirror.

Mapping fingerprints to keypad
Fingerprint mapping uses the photographed smudge images to figure out what keys are used by laying the smudge images over the keypad or by comparing the image with a reference picture of the keypad. Mapping the positions of smudges to the keys helps figure out the tapped keys that were used by the authorized user. First, the fingerprints and keypad images are resized and processed to find the areas the corresponding fingerprints and keys occupy. Next, the Laplace edge detection algorithm is applied to detect the edges of the ridges of a finger, sharpen the overall fingerprint, and eliminate any of the background smudges. The photo is then converted into a binary image so that the fingerprints are white and the background is black. Dividing this image into a grid helps clarify where the user has tapped, based on which grid cells contain the largest number of white dots.

Differentiating between multiple fingerprints
In the case that there are multiple users, grouping fingerprints can help classify which ones belong to each person. Fingerprints have both ridges and valleys, and differentiating them is determined by the overall and local ridge structure. There are three patterns of fingerprint ridges (arch, loop, and whorl) that represent the overall structure, and the ridge endings or bifurcation represent the local structure or minutiae points. Different algorithms incorporate these fingerprint traits and structure to group the fingerprints and identify the differences. Some examples of algorithms used are filterbank, adjacent orientation vector (AOV) system, and correlation-filter.


 * Filterbank requires whole fingerprints and cannot identify just the tips of the finger since it uses both the local and overall structure. The algorithm works by selecting a region of interest and dividing it into sectors. A feature vector with all the local features is formed after filtering each sector, and the Euclidean distance of the vectors of two fingerprint images can be compared to see if there is a match.
 * Adjacent orientation vector system matches fingerprints based only on the number of minutiae pairs and the finger details rather than the global/overall structure of the finger. The algorithm works by numbering all of the ridges of the minutiae pairs and creating an AOV consisting of that number and the difference between adjacent minutiae orientations. The AOV score or distance of the two fingerprints is computed and checked against a threshold after fine matching to see if the fingerprints are the same.
 * Correlation filter works with both whole fingers and fingertips. This algorithm works by applying a correlation filter, or training image of the fingerprint, to the image to find the local and overall ridge pattern and ridge frequency. When verifying a fingerprint, the transformation is applied to the test image and multiplied by the results of applying the correlation filter on the person of interest. If the test subject and template match, there should be a large result.

Smudge-supported pattern guessing (smug)
Smug is a specific attack method that combines image processing with sorting patterns to figure out pattern-based passwords. First, the attackers take a picture of the smudge area using an appropriate camera and lighting. Using an image-matching algorithm, the captured image is then compared to a reference picture of the same device to properly extract a cropped picture focused on the smudges. Next, the smudge objects are identified using binarization, Canny edge detection, and Hough transformation to enhance the visibility of the fingerprint locations. Possible segments between the swipes and points are detected with an algorithm to form the target pattern. The segments are then filtered to remove unwanted and isolated edges to only keep the edges that follow the segment direction. These segments are identified by figuring out if the smudge between two grid points is part of a pattern by counting the number of smudge objects against the set threshold. Lastly, these segments are then used in a password model (e.g. an n-gram Markov model) to locate potential passwords. An experiment found that this method was successful in unlocking 360 pattern codes 74.17% of the time when assisted by smudge attacks, an improvement from 13.33% for pure guessing attacks.

Types of vulnerable security methods
Smudge attacks can be performed on various smart device locking methods such as Android Patterns, PINs, and text-based passwords. All of these authentication methods require the user to tap the screen to input the correct combination, which leads to susceptibility to smudge attacks that look for these smudges.

Personal Identification Numbers (PINs)
Main Article: Personal Identification Numbers

A PIN is a four- or six-digit code unique to the individual and is one of the most widely used authentication methods for mobile phones, with 78% of mobile phone users utilizing this function. Four-digit PINs are mainly used by English users and six-digit PINs are used by users in Asia. There are only 10 number options to choose from, so four-digit PINs have 10,000 different number combinations and six-digit PINs have 1,000,000. PINs are susceptible not only to smudge attacks but also to other attacks possible through direct observation, like shoulder-surfing attacks, or through pure guessing, like brute-force attacks. They are also used heavily in electronic transactions or for using ATMs and other banking situations. If a PIN is shared or stolen, the device or machine cannot detect whether the user is the rightful owner since it only relies on whether the correct number is inputted. In relation to smudge attacks, this allows attackers to easily steal information since there is no other way to authenticate the user for who they actually are.

Text-based passwords
Main Article: Passwords

Text-based passwords are a popular type of security measure that people use to lock their phones in an alphanumeric way. Users can use any combination of numbers, uppercase and lowercase letters, punctuation, and special characters to create their passwords. The downfall of text-based passwords is not only their vulnerability to smudge attacks but also the tendency of users to forget the password. This causes many users to use something that is easy to remember or to reuse multiple passwords across different platforms. These passwords fall under what is called a weak password subspace within the full password space and make it easier for attackers to break in through brute-force dictionary attacks. An early study reviewed 3289 passwords, and 86% of them had some sort of structural similarity such as containing dictionary words and being short.

Draw-a-Secret (DAS)
Main Article: Draw-a-Secret

Draw-a-Secret is a graphical authentication scheme that requires the users to draw lines or points on a two-dimensional grid. A successful authentication depends on if the user can exactly replicate the path drawn. Android Pattern Password is a version of Pass-Go that follows the concept of DAS.

Pass-Go
Pass-Go uses a grid so that there isn’t a need to store a graphical database and allows the user to draw a password as long as they want. Unlike DAS, the scheme relies on selecting the intersections on a grid instead of the cells on the screen, and users can also draw diagonal lines. Tao and Adam, who proposed this method, found that over their three-month study, many people drew longer pattern passwords, which goes against the tendency to choose minimal and easy-to-remember passwords.

Android Pattern passwords:
Android pattern lock is a graphical password method introduced by Google in 2008 where users create a pattern on a line-connecting 3x3 grid. About 40% of Android users use pattern lock to secure their phones. There are 389,112 possible patterns that the user can draw up. Each pattern must contain at least 4 points on the grid, use each contact point once, and cannot skip intermediate points between points unless it's been used earlier. The security of Android pattern lock against smudge attacks was tested by researchers at the University of Pennsylvania, and from the swipes left behind from the drawn pattern, they were able to discern the code fully 68% of the time and partially 92% of the time under proper conditions.
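The pattern rules above can be checked by enumeration. The following added example (not part of the original draft) counts the valid patterns on a 3x3 grid, reproducing the 389,112 figure, and measures how small the search space becomes once only the set of touched dots is known, which is the information the countermeasures below try to hide or randomize. The function names and the row-major dot numbering 0-8 are assumptions of this example.

```python
"""Added example: size of the Android pattern-lock space on a 3x3 grid."""

SIZE = 3
ALL_DOTS = frozenset(range(SIZE * SIZE))  # dots numbered 0-8, row-major (assumption)
MIN_LEN = 4                               # a pattern must contain at least 4 dots


def midpoint(a, b):
    """Return the dot lying exactly between dots a and b, or None if there is none."""
    r1, c1 = divmod(a, SIZE)
    r2, c2 = divmod(b, SIZE)
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None
    return (r1 + r2) // 2 * SIZE + (c1 + c2) // 2


def is_valid_pattern(pattern):
    """Check a sequence of dots against the rules a lock screen enforces."""
    if len(pattern) < MIN_LEN or len(set(pattern)) != len(pattern):
        return False
    if not set(pattern) <= ALL_DOTS:
        return False
    seen = {pattern[0]}
    for a, b in zip(pattern, pattern[1:]):
        mid = midpoint(a, b)
        # A stroke may pass over an intermediate dot only if it was used earlier.
        if mid is not None and mid not in seen:
            return False
        seen.add(b)
    return True


def count_by_length(allowed=ALL_DOTS, min_len=MIN_LEN):
    """Count valid patterns drawn only from `allowed`, grouped by length."""
    allowed = frozenset(allowed)
    counts = {}

    def extend(last, seen):
        if len(seen) >= min_len:
            counts[len(seen)] = counts.get(len(seen), 0) + 1
        for nxt in allowed - seen:
            mid = midpoint(last, nxt)
            if mid is None or mid in seen:
                extend(nxt, seen | {nxt})

    for start in allowed:
        extend(start, frozenset([start]))
    return counts


def residual_space(touched):
    """Number of valid patterns that use exactly the dots in `touched`, once each."""
    touched = frozenset(touched)
    if len(touched) < MIN_LEN:
        return 0
    return count_by_length(touched, min_len=len(touched)).get(len(touched), 0)


if __name__ == "__main__":
    by_len = count_by_length()
    print("patterns by length:", dict(sorted(by_len.items())))
    print("total:", sum(by_len.values()))
    # Constructed sample: the top-left 2x2 block of dots.
    print("patterns left if dots {0,1,3,4} are known:", residual_space({0, 1, 3, 4}))
```

A four-dot pattern whose touched dots are known leaves at most 24 candidates out of 389,112, which illustrates why hiding or randomizing touch locations matters more than the nominal size of the pattern space.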

Countermeasures
Physiological biometrics such as Android Face Unlock, iPhone Touch ID and Face ID, and Trusted Voice have been recently implemented in mobile devices as the main or alternative method of validation. There are also other novel ways that have potential to be a future security scheme but haven't been implemented yet into mainstream usage. Some of these ways avoid the requirement to input anything with the fingers, thus eliminating the ability for attackers to use smudges to determine the password lock.

Creating strong passwords
Although there are many countermeasures that help protect against smudge attacks, creating secure passwords can be the first step to protecting a device. Some of the recommended steps are as follows:
 * Passwords should be at least 8 characters long. A longer password strays away from the weak password subspace and makes it harder for the attacker to interpret the fingerprint smudges.
 * Avoid using words in the dictionary as they can be more common and make the password weak.
 * Change passwords frequently.
 * Use randomly generated passwords. Random passwords prevent a user from selecting commonly used and easy-to-remember words that are easily susceptible to attacks.
 * Avoid using the same password for every security authentication system. This prevents attackers from accessing other information if they happen to discover one of the passwords.

Although these are the recommended tips for stronger passwords, users can run out of strong password options they will remember and later forget the passcode after frequent changes. To avoid this, users tend to choose short, weaker passwords to make it more convenient and shorten the unlocking time.

Anti-fingerprint screen protector
Researchers have looked into anti-fingerprint properties that can allow people to keep their current password schemes and not worry about the leftover smudges. Surfaces that are able to repel the water and oils from the finger are called amphiphobic. Surfaces that have low surface energy and surface transparency (low roughness) are typically anti-smudge due to their higher contact angles and low molecular attraction. Low molecular attraction means that there is little to no adhesion for the oil and water molecules to bind to the surface and leave behind a trace. However, achieving these properties while still functioning as a touchscreen is hard as the low surface energy alters the durability and functionality of the touchscreen itself.

With this research, various anti-smudge screen protectors have been put on the market such as Tech Armor's anti-glare and anti-fingerprint film screen protector and ZAGG's InvisibleShield Glass Elite VisionGuard+ antimicrobial screen protector. These phone accessories can range from 30 to 60 dollars.

Biometrics
Main Article: Biometrics

Biometrics is a type of authentication that identifies a user based on their behavior or physical characteristics, such as keystrokes, gait, and facial recognition rather than what one can recall or memorize. A biometrics system takes the unique features from the individual and stores them as a biometric template, and the stored information is compared with the current captured input to authenticate a user. Biometrics is categorized as either physiological or behavioral by the US National Science and Technology Council’s Subcommittee (NSTC) on Biometrics. This type of security can serve as a secondary protection to traditional password methods that are susceptible to smudge attacks on their own since it doesn't rely on entering a memorized number or pattern or recalling an image. Research conducted on biometric authentication found that a mix or hybrid of biometrics and traditional passwords or PINs can improve the security and usability of the original system.

One of the downsides to biometrics is mimicry attacks where the attackers mimic the user. This can increase the vulnerability of the device if attackers turn to methods that allow them to copy the victim’s behavior. Some of these methods include using a reality-based app that guides attackers when entering the victim’s phone or using transparent film with pointers and audio cues to mimic the victim’s behavior. Another vulnerability is that the biometric template can be leaked or stolen through hacking or other various means to unauthorized people. A possible solution to any theft, leak, or mimicry is fingerprint template protection schemes, as they make it difficult for attackers to access the information through encryption and added techniques.

Physiological
Physiological biometrics authenticates a user based on their human characteristics. Measuring the characteristics unique to each individual creates a stable and mostly consistent mechanism to authenticate a person since these features do not change very quickly. Some examples of physiological biometric authentication methods are listed below.


 * Iris recognition
 * Fingerprint recognition
 * Hand geometry
 * Facial recognition

Behavioral
Behavioral biometrics authenticates a user based on the behavior, habits, and tendencies of the true user. Some examples include voice recognition, gait, hand-waving, and keystroke dynamics. The schemes listed below have been proposed to specifically protect from smudge attacks.


 * Touch-Interaction: Touch-interaction is a proposed way of authenticating a user based on their interactions with the touch screen such as tapping or sliding. There are two types: static, which checks the user once, and continuous, which checks the user multiple times. The convenience of this method is that it doesn't require extra sensors and can check and monitor the user in the background without the help or attention of the user. Chao et al. describe the process in which the up, down, right, and left motions are checked in terms of the position of the finger, the length of the swipe, the angle, the time it takes, the velocity, acceleration, and finger pressure. In their experiment, they tested how usable and reliable the touch-based method is and found that all of the touch operations were stable and blocked unauthorized users with an expected error rate of 1.8%. However, there are still other factors like the smartphone type, the software, environment, familiarity of the phone, and physical state of the user that could create variability and thus a higher rate of error.
 * BEAT: This specific unlocking method is called BEAT, which authenticates the behavior of the user or how they perform a gesture or signature. A gesture scheme is swiping or pinching the touch screen, and a signature scheme requires the user to sign their name. This method is secure from smudge attacks and also does not need extra hardware. BEAT works by first asking the user to perform the action 15 to 20 times to create a model based on how they performed the action to use for authentication. The features identified are velocity magnitude, device acceleration, stroke time, inter-stroke time, stroke displacement magnitude, stroke displacement direction, and velocity direction. Machine learning techniques are then applied to determine whether the user is legitimate or not. An experiment was conducted using the BEAT method on Samsung smartphones and tablets and found that after collecting 15,009 gesture samples and 10,054 signature samples, the error rate of 3 gestures is 0.5% and about 0.52% for one signature.

SmudgeSafe
SmudgeSafe is another authentication method protected from smudge attacks that uses 2-dimensional image transformations to rotate, flip, or scale the image at the login screen page. The user will draw a graphical password shape created from the points on an image as usual, but the image will look different every time the user logs in. The changes done on the image are randomized, so previous login smudges do not give hints to attackers on what the input is. To ensure that the transformations applied will significantly change the locations of the password points, the area of these specific locations on the image is restricted. In a study comparing SmudgeSafe's graphical authentication method to lock patterns and PINs, SmudgeSafe performed the best with a mean of 0.51 passwords guessed per participant. The pattern lock had a mean of 3.50 and PINs had a mean of 1.10 passwords correctly guessed per participant.

TinyLock
TinyLock was proposed by Kwon et al. and uses two grids; the top one is for the pressed cells for the confirmation process, and the bottom one is a drawing pad for the authentication process. The top grid is used to notify the user by flickering and vibrating if the user is on the correct initial dot before they start drawing. The bottom half of the screen contains a tiny 3 x 3 grid used for drawing the secret password. The grid is much smaller in size compared to traditional pattern locks, which forces the user to draw in a confined space to squeeze all the smudges in a small area. This method mitigates smudge attacks because the smudges are all smushed together, and the users are required to draw a circular virtual wheel in either direction after drawing the pattern password. However, this method is not completely free from shoulder-surfing attacks. Also, another drawback is the grid dots are hard to visualize due to the small size, which makes it difficult to draw complex patterns and unlock without error.

ClickPattern
ClickPattern uses a 3 x 3 grid labeled one through nine, and the user has to click on the nodes that correlate with the end of a drawn line to prevent swiping on the screen. Doing this creates smudges that are harder to distinguish from normal screen usage. If anything, the smudges created will reveal the nodes used but not the pattern, thus being more protected from smudge attacks than Android pattern lock. On the lock screen, ClickPattern consists of these three components:


 * Grid 3 x 3
 * Table numbered 1-9
 * Ok and Undo Button

The user is authenticated when the pattern entered by clicking the numbers is the same as the original pattern, in the same exact order and direction. In order to create a valid pattern, the pattern must have at least 4 points and none of them can be used more than once. The pattern will also always contain the dots that lie in between two points of a sequence, even though they do not necessarily need to be clicked, and it can go through previously used dots to access an unused dot.
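The validity and matching rules above, as an added Python sketch that is not part of the draft or of ClickPattern's own implementation. The row-by-row numbering of the dots, the function names, and counting automatically included dots toward the four-point minimum are assumptions.

```python
import hmac

# Assumed dot numbering (row by row):
#   1 2 3
#   4 5 6
#   7 8 9
MIN_POINTS = 4  # minimum pattern length stated in the text


def midpoint(a, b):
    """Return the dot exactly halfway between dots a and b, or None."""
    (r1, c1), (r2, c2) = divmod(a - 1, 3), divmod(b - 1, 3)
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None  # no grid dot lies on the straight line between a and b
    return (r1 + r2) // 2 * 3 + (c1 + c2) // 2 + 1


def normalize_pattern(clicks):
    """Expand the clicked dots into the full pattern.

    A dot lying between two consecutive clicks is included automatically
    when it is still unused; when it was already used, the line simply
    passes through it. Raises ValueError for an invalid pattern.
    """
    pattern = []
    for dot in clicks:
        if not isinstance(dot, int) or not 1 <= dot <= 9:
            raise ValueError(f"dot {dot!r} is not on the 3 x 3 grid")
        if dot in pattern:
            raise ValueError(f"dot {dot} is used more than once")
        if pattern:
            mid = midpoint(pattern[-1], dot)
            if mid is not None and mid not in pattern:
                pattern.append(mid)  # in-between dot joins the pattern
        pattern.append(dot)
    if len(pattern) < MIN_POINTS:
        raise ValueError(f"pattern needs at least {MIN_POINTS} points")
    return tuple(pattern)


def is_valid(clicks):
    """True when the clicks form a pattern that may be enrolled."""
    try:
        normalize_pattern(clicks)
    except ValueError:
        return False
    return True


def verify(enrolled, clicks):
    """Compare an attempt with the enrolled pattern: same dots, same order."""
    try:
        attempt = normalize_pattern(clicks)
    except ValueError:
        return False
    # Constant-time comparison so timing does not reveal a matching prefix.
    return hmac.compare_digest(bytes(enrolled), bytes(attempt))


if __name__ == "__main__":
    # Constructed sample input: an "L"-like shape from three clicks.
    enrolled = normalize_pattern([1, 3, 9])
    print("enrolled pattern:", enrolled)
    print("same clicks:", verify(enrolled, [1, 3, 9]))
    print("reverse direction:", verify(enrolled, [9, 3, 1]))
    print("pass-through of used dot:", normalize_pattern([2, 1, 3, 6]))
```

Clicking only the end nodes 1, 3 and 9 yields the five-point pattern 1-2-3-6-9, so the touches on the screen mark three nodes while the matched secret is the full ordered sequence.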

Multi-touch authentication with Touch with Fingers Straight and Together (TFST)
This multi-touch authentication uses geometric and behavioral characteristics to verify users on a touch screen device. According to Song et al., this TFST gesture takes an average of 0.75 seconds to unlock, is very easy to use, and simple to follow. The user puts two to four fingers together in a straight position, decreasing the amount of surface compared to other multi-touch methods. With the fingers in this fixed hand posture, the user can choose to either trace a simple or complex pattern, and the screen will pick up the positions of the fingers and record each trace movement in the form of touch events. These touch events account for the X and Y-coordinates, the amount of pressure applied, the finger size, the timestamp, and the size of the touched area, and are compared to the template created during the registration process. The physiological features or hand geometry include a measurement between possible strokes from the performed gesture. Horizontal strokes track the finger length differences, and vertical strokes track the finger width. Since the user always places their fingers in a straight position, the measurements of the finger will stay the same and provide consistent verification. Lastly, there are behavioral features that are traced, specifically the length of the stroke, the time it takes, the velocity of the stroke, the tool or the area for each touch point in relation to finger size, the touch area size, the pressure applied, and the angle of the stroke. For one stroke, there are 13 behavioral features, and this increases to 26, 39, and 52 for up to four strokes.

Bend passwords
With new technology geared towards creating a flexible display for smartphone devices, there are more opportunities to create novel authentication methods. Bend passwords are an original type of password authentication used for flexible screens. It involves different bend gestures that the users perform by twisting or disfiguring the display surface, and there are a total of 20 gestures currently available. The bending can be a part of a single gesture by individually bending one of the four corners of the display or part of a multi-bend gesture by simultaneously bending pairs of corners.

Fractal-Based Authentication Technique (FBAT)
A newly proposed authentication method called Fractal-Based Authentication Technique (FBAT) uses Sierpinski’s Triangle to authenticate users. This process combines recognition-based and cued recall-based authentication as the users have to recognize and click on their personal pre-selected color triangles as the level of triangles increases. For smartphones, the level of triangles is set at 3 due to the limited size of the touch screen, but it can increase for bigger tablets. At level 3, the probability that an attacker will guess the password is 0.13%. Recognition-based authentication requires users to recognize pre-selected images, and cued recall-based graphical authentication requires users to click on pre-selected points on an image. In the Sierpinski triangle, a selected colored pattern is created during the registration and is hidden in the device. To authenticate themselves, a user must select the correct pattern in each level while the triangles randomly shuffle. Since the colored triangles are randomly generated, they can be found in different locations for every authentication, thus leaving smudges everywhere that do not correspond to any useful password. This technique can be used on Android devices, ATM machines, laptops, or any device that uses authentication to unlock.

2 x 2 and 1 x 2 Knock Code
Knock Code is an authentication method introduced by LG Electronics that allows users to unlock a phone without turning it on by tapping the correct area in the right sequence. The screen is split into four, and the vertical and horizontal lines change. There are two variations of Knock Code that have been proposed, the 2 x 2 and 1 x 2 knock code. These variations can protect against smudge attacks due to the sliding operations that erase the knocking at the end after the taps are inputted. In a user study that compared the original Knock Code and the Android Pattern Lock, these variation schemes were more resistant to smudge attacks.


 * 2 x 2 knock code: The 2 x 2 knock code adds the sliding gesture which helps increase the amount of password combinations to about 4.5 billion ways, which is about 53 thousand times bigger than the original Knock Code. This scheme uses four parts of the grid and aims to decrease the amount of gestures performed while still having a high level of security.
 * 1 x 2 knock code: The 1 x 2 scheme also uses sliding operations but decreases the amount of areas to two that are side-to-side. Flexible area recognition, their own algorithm that doesn’t allow sliding operations in the same area, adds to the convenience, and the user only has to use their thumb to unlock the phone. The amount of passwords in the subspace is the exact same as the original Knock Code.

Future
There has been movement towards physiological biometric authentication in current smartphone security, such as fingerprint and facial recognition, which allow the user to replace their PINs and alphanumeric passcodes. However, even new and advanced authentication methods have flaws and weaknesses that users can take advantage of. For example, in an examination of touch authentication, researchers observed similar swiping behavior and finger pressure in a large number of phone users, and this generic information can help attackers perform successful attacks. Research has continued on biometrics and multi-gesture authentication methods to help combat attacks on traditional passwords and eliminate the vulnerabilities of novel schemes as new trends and new technology are developed.

General info

 * Whose work are you reviewing? Hiiisparks
 * Link to draft you're reviewing: User:Hiiisparks/sandbox

Lead
Guiding questions:


 * Has the Lead been updated to reflect the new content added by your peer?
 * Does the Lead include an introductory sentence that concisely and clearly describes the article's topic?
 * Does the Lead include a brief description of the article's major sections?
 * Does the Lead include information that is not present in the article?
 * Is the Lead concise or is it overly detailed?

Lead evaluation
The lead has a clear introduction about the article's topic. There is also a description of major parts in the article such as its various ways of manipulation. It's not overly detailed.

Content
Guiding questions:


 * Is the content added relevant to the topic?
 * Is the content added up-to-date?
 * Is there content that is missing or content that does not belong?
 * Does the article deal with one of Wikipedia's equity gaps? Does it address topics related to historically underrepresented populations or topics?

Content evaluation
The content added is relevant to the topic and it's great to see you added so much new information! The original article only had sections History and Danger, but your adding more sections such as countermeasures and different types of the topic definitely makes this article more reliable and useful.

Tone and Balance
Guiding questions:


 * Is the content added neutral?
 * Are there any claims that appear heavily biased toward a particular position?
 * Are there viewpoints that are overrepresented, or underrepresented?
 * Does the content added attempt to persuade the reader in favor of one position or away from another?

Tone and balance evaluation
The content added is neutral and provides straight facts to readers. No point is overrepresented.

Sources and References
Guiding questions:


 * Is all new content backed up by a reliable secondary source of information?
 * Are the sources thorough - i.e. Do they reflect the available literature on the topic?
 * Are the sources current?
 * Are the sources written by a diverse spectrum of authors? Do they include historically marginalized individuals where possible?
 * Check a few links. Do they work?

Sources and references evaluation
The citations are reliable and all the links I checked worked. It also included a diversity of writers.

Organization
Guiding questions:


 * Is the content added well-written - i.e. Is it concise, clear, and easy to read?
 * Does the content added have any grammatical or spelling errors?
 * Is the content added well-organized - i.e. broken down into sections that reflect the major points of the topic?

Organization evaluation
The content added is easy to read and I didn't see grammatical errors. But as I go through your article I found the section under countermeasures relatively long, and I am not sure if it would be more succinct for you to delete certain parts. Another suggestion is to make sub-titles under Biometrics more obvious, because the current fonts are pretty similar to sub-heading 1.

Images and Media
Guiding questions: If your peer added images or media


 * Does the article include images that enhance understanding of the topic?
 * Are images well-captioned?
 * Do all images adhere to Wikipedia's copyright regulations?
 * Are the images laid out in a visually appealing way?

Images and media evaluation
The article currently does not have images.

For New Articles Only
If the draft you're reviewing is a new article, consider the following in addition to the above.


 * Does the article meet Wikipedia's Notability requirements - i.e. Is the article supported by 2-3 reliable secondary sources independent of the subject?
 * How exhaustive is the list of sources? Does it accurately represent all available literature on the subject?
 * Does the article follow the patterns of other similar articles - i.e. contain any necessary infoboxes, section headings, and any other features contained within similar articles?
 * Does the article link to other articles so it is more discoverable?

New Article Evaluation
The article achieved all the above points.

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete?
 * What are the strengths of the content added?
 * How can the content added be improved?

Overall evaluation
Overall great job! I really like how you added so many other sections aside from the original article. One thing to be cautious about is the length under each section :)! (The content added is easy to read and I didn't see grammatical errors. But as I go through your article I found the section under countermeasures relatively long, and I am not sure if it would be more succinct for you to delete certain parts. Another suggestion is to make sub-titles under Biometrics more obvious, because the current fonts are pretty similar to sub-heading 1.)

General info

 * Whose work are you reviewing? Hiiisparks
 * Link to draft you're reviewing: User:Hiiisparks/sandbox

Lead
Guiding questions:


 * Has the Lead been updated to reflect the new content added by your peer? Yes
 * Does the Lead include an introductory sentence that concisely and clearly describes the article's topic? Yes
 * Does the Lead include a brief description of the article's major sections? Yes
 * Does the Lead include information that is not present in the article? No
 * Is the Lead concise or is it overly detailed? Concise

Lead evaluation
I like how you added hyperlinks to the Wikipedia pages. It also includes explanations to your topic which is helpful.

Content
Guiding questions:


 * Is the content added relevant to the topic? Yes
 * Is the content added up-to-date? Yes
 * Is there content that is missing or content that does not belong? No
 * Does the article deal with one of Wikipedia's equity gaps? Does it address topics related to historically underrepresented populations or topics? No

Content evaluation
There are many different sections that covered the topic thoroughly. I think you still have to edit "Click Pattern." Each subsection is also written with sources to back up the article. I'm not sure if the colons are necessary for each subsection title, but it's my suggestion and you don't have to change it.

Tone and Balance
Guiding questions:


 * Is the content added neutral? Yes
 * Are there any claims that appear heavily biased toward a particular position? No
 * Are there viewpoints that are overrepresented, or underrepresented? No
 * Does the content added attempt to persuade the reader in favor of one position or away from another? No

Tone and balance evaluation
The tone of the article is neutral, and statements are backed-up with sources. No one subsection is unreasonably longer or shorter than others.

Sources and References
Guiding questions:


 * Is all new content backed up by a reliable secondary source of information? Yes
 * Are the sources thorough - i.e. Do they reflect the available literature on the topic? Yes
 * Are the sources current? Yes
 * Are the sources written by a diverse spectrum of authors? Do they include historically marginalized individuals where possible? Yes
 * Check a few links. Do they work? Yes

Sources and references evaluation
A lot of sources are added (36!! wow). I've checked a few links and they worked. Some of the sources show "Check date values in: |date=" so maybe you can correct it. Also maybe add more citations within sentences.

Organization
Guiding questions:


 * Is the content added well-written - i.e. Is it concise, clear, and easy to read? Yes
 * Does the content added have any grammatical or spelling errors? No
 * Is the content added well-organized - i.e. broken down into sections that reflect the major points of the topic? Yes

Organization evaluation
The article is well organised. I like how there is an overview/introduction sentence within each subsection which helps the reader stay on track and know what they will be reading.

Images and Media
Guiding questions: If your peer added images or media


 * Does the article include images that enhance understanding of the topic? N/A
 * Are images well-captioned? N/A
 * Do all images adhere to Wikipedia's copyright regulations? N/A
 * Are the images laid out in a visually appealing way? N/A

Images and media evaluation
N/A

For New Articles Only
If the draft you're reviewing is a new article, consider the following in addition to the above.


 * Does the article meet Wikipedia's Notability requirements - i.e. Is the article supported by 2-3 reliable secondary sources independent of the subject? Not necessarily a new article, but yes
 * How exhaustive is the list of sources? Does it accurately represent all available literature on the subject? Yes
 * Does the article follow the patterns of other similar articles - i.e. contain any necessary infoboxes, section headings, and any other features contained within similar articles? Yes
 * Does the article link to other articles so it is more discoverable? Yes

New Article Evaluation
Looks good as a new article as it involves a lot of different information and sources.

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete? Yes
 * What are the strengths of the content added? Many resources and much information are added.
 * How can the content added be improved? Maybe citations within the article can be more, since some sentences don't have citations.

Overall evaluation
The article is great and includes a lot of information. Strengths and weaknesses are added in the guiding questions. Great Work!

Peer Review (jameswang323)


 * Whose work are you reviewing? Hiiisparks
 * Link to draft you're reviewing: User:Hiiisparks/sandbox

Lead:
The lead section is very concise in that it uses one short paragraph to summarize main points. However, I'm not sure if your lead section is just your definition of smudge attacks? I think by making your lead section a separate heading and include other topics like methods of attacks, vulnerable security methods, and countermeasures would be nice.

Content:
I think you have a lot of detailed information, but it might be better if you moved some contents around so they synthesize into a larger topic. Right now it feels a little choppy and disconnected, but I'm sure you can fix it! :) Also perhaps expand on the history of smudge attacks and dangers of attacks a bit more. Another cool thing to add is real life events that happened where attackers used smudge attacks to steal personal biometric information of a victim.

Tone and Balance:
Your tone is neutral and is to the point. I like how you talk about different smudge attack methods and then go on to describe countermeasures to these attacks by giving out examples of Tinylock, biometrics, etc. I think you could expand on the danger of smudge attacks more to talk more about negatives of smudge attacks.

Organization:
The organization is good so far. However, some parts are too detailed and seem a little disconnected. For example you can move classification as a side-channel topic to a larger topic related to smudge attacks. (Also I only see a link for this section, are you adding content to this section?) You can consider moving types of attackers to the beginning of methods and techniques to serve as a good introduction to that section. Also, the password protection section can fall under countermeasures.

Overall Impressions:
I like this article a lot! It is very detailed and has many interesting countermeasure examples such as FBAT, bend passwords, Tinylock, etc. I think you could merge some examples, combine some paragraphs, and put some subheadings into larger sections in order to make your article more coherent. Aside from organization, I would also make your lead section more obvious to the readers by having a section right below your article title on smudge attacks. Try to describe a bit of all your content sections in the lead, not just the definition of smudge attacks. I also suggest adding a few images that relate to countermeasures or show various methods of attacks! Good job overall! :)

Lead
There is a typo "it" in the second sentence. The second sentence is a little wordy, it will be better if there is a way to make it more readable by modifying its structure.

I like your first sentence in the second paragraph, it clearly shows the importance of this topic. There are some unclear pronouns, it will be great if you can use specific nouns for clarification. The fingerprint kit is a very important point for your topic, but I think you don't have to mention it in the lead to avoid redundancy (this is included in "equipment" you mentioned in the first sentence). "Commonality" is a little obscured word, maybe something like "vulnerability" of the users?

The last paragraph seems detached from the lead, and I'm confused about its significance to your topic.

History
It will be great to have the specific date of this UPenn research and clarify if this is the first academic investigation on smudge attack. Also it will be great to present a timeline for the development of this topic, rather than only having one event in this section. I believe you will work on the citation later.

Method
There is an extra space in the "processing" section. Still I think it will be great to be more specific when using pronouns, such as "this method" rather than "this". One typo: "there are different powder to choose".

"The preserving fingerprint" cannot be used as a pronoun and starts a sentence. I'm sure you will also expand the "object visibility" section to explain further on how those two reflections relate and affect smudge attack.

I'm sure you will work on the last section as well.

Types
This subtitle can be more specific. The previous section has a subtitle of "types of attackers", this one can be also named in a similar way.

I'm sure you will work on this part and the following sections.

I'm also curious if there is any reported use of smudge attack that can be served as an example.

Peer Review (Lolabaylo)
Link to peer review: https://en.wikipedia.org/wiki/User:Hiiisparks/Smudge_attack/Lolabaylo_Peer_Review?preload=Template%3ADashboard.wikiedu.org_peer_review

Plusoneplusone peer review
This is where you will complete your peer review exercise. Please use the following template to fill out your review.

General info

 * Whose work are you reviewing? Hiiisparks
 * Link to draft you're reviewing: User:Hiiisparks/sandbox

Lead
Guiding questions:


 * Has the Lead been updated to reflect the new content added by your peer? Yes.
 * Does the Lead include an introductory sentence that concisely and clearly describes the article's topic? Yes, the first sentence is an introductory sentence.
 * Does the Lead include a brief description of the article's major sections? Maybe the lead section should include an overview of what the rest of the article talks about (and the structure of the article).
 * Does the Lead include information that is not present in the article? The experiment mentioned in the lead section isn't mentioned anywhere else. Probably needs to be fixed.
 * Is the Lead concise or is it overly detailed? I think the lead section has been very successful in presenting relevant information. The introductory sentence is well-written. However, I think it's a little too detailed. Some of the information, for instance the part that talks about an experiment, can be added into the body paragraphs.

Content
Guiding questions:


 * Is the content added relevant to the topic? Yes, everything is relevant.
 * Is the content added up-to-date? Yes, there are a lot of sources from the past three years.
 * Is there content that is missing or content that does not belong? No.
 * Does the article deal with one of Wikipedia's equity gaps? Does it address topics related to historically underrepresented populations or topics? I think the topic itself is pretty neutral, and it's pretty difficult to relate it to historically underrepresented populations.

Tone and Balance
Guiding questions:


 * Is the content added neutral? Yes.
 * Are there any claims that appear heavily biased toward a particular position? No, I didn't find any claims that are heavily biased.
 * Are there viewpoints that are overrepresented, or underrepresented? No.
 * Does the content added attempt to persuade the reader in favor of one position or away from another? No, I can see the author's purpose is just to be informative.

Sources and References
Guiding questions:


 * Is all new content backed up by a reliable secondary source of information? Most of the content is backed up with a reliable secondary source of information, others are all a work in progress. (The author knows where to cite sources and is in the process of finding them).
 * Are the sources thorough - i.e. Do they reflect the available literature on the topic? Yes, there are already a wide range of sources (which is impressive).
 * Are the sources current? Yes, I can see sources that are from the past three years.
 * Are the sources written by a diverse spectrum of authors? Do they include historically marginalized individuals where possible? Yes.
 * Check a few links. Do they work? Yes, they work.

Organization
Guiding questions:


 * Is the content added well-written - i.e. Is it concise, clear, and easy to read? Yes.
 * Does the content added have any grammatical or spelling errors? There are rarely grammatical or spelling errors.
 * Is the content added well-organized - i.e. broken down into sections that reflect the major points of the topic? Yes, the structure of this article flows from history to methods, attackers, countermeasures etc. It's very comprehensive.

Images and Media
Guiding questions: If your peer added images or media


 * Does the article include images that enhance understanding of the topic? No, there are no images so far. I could see potential chances of adding images (such as fingerprint lock etc).
 * Are images well-captioned? Not applicable.
 * Do all images adhere to Wikipedia's copyright regulations? Not applicable.
 * Are the images laid out in a visually appealing way? Not applicable.

For New Articles Only (Not applicable since this is not a new article)
If the draft you're reviewing is a new article, consider the following in addition to the above.


 * Does the article meet Wikipedia's Notability requirements - i.e. Is the article supported by 2-3 reliable secondary sources independent of the subject?
 * How exhaustive is the list of sources? Does it accurately represent all available literature on the subject?
 * Does the article follow the patterns of other similar articles - i.e. contain any necessary infoboxes, section headings, and any other features contained within similar articles?
 * Does the article link to other articles so it is more discoverable?

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete? The article is already in a very good shape, and the content added is relevant and well-organized.
 * What are the strengths of the content added? The content added has cited a wide range of sources and provided lots of new information. The structure of this article is comprehensive and the tone is neutral. Also, the content added is already thorough.
 * How can the content added be improved? The lead section might need to be improved (to be more concise and try to avoid giving new information). Images can be added to the article to enhance the reader's understanding. There are several places that need citations, and I believe it's already a work in progress.

General info

 * Whose work are you reviewing? (provide username): hiiisparks
 * Link to draft you're reviewing: https://en.wikipedia.org/wiki/Smudge_attack

Lead
Guiding questions:


 * Has the Lead been updated to reflect the new content added by your peer? yes
 * Does the Lead include an introductory sentence that concisely and clearly describes the article's topic? yes
 * Does the Lead include a brief description of the article's major sections? yes
 * Does the Lead include information that is not present in the article? no, but I would expand on the various types of breaches including fingerprint.
 * Is the Lead concise or is it overly detailed? yes, good lead section! Consider adding another paragraph or two to add introductions for the types of breaches, history, and context!

Lead evaluation
Good lead section, but make sure to include whatever sections you add to the section as introductions.

Content
Guiding questions:


 * Is the content added relevant to the topic? yes
 * Is the content added up-to-date? yes
 * Is there content that is missing or content that does not belong? Yes, make sure you finish your section on types of smudge attacks (I know it's a limited topic), and consider adding a section on history of smudge attacks, its current uses and applications, and weaknesses/drawbacks.
 * Does the article deal with one of Wikipedia's equity gaps? Does it address topics related to historically underrepresented populations or topics? No, but it's not supposed to, I think.

Content evaluation
Good content so far but use more sources (and also cite more sources, try to have at least one source cited per paragraph) and expand on additional topics and add new sections.

Tone and Balance
Guiding questions:


 * Is the content added neutral? mostly yes.
 * Are there any claims that appear heavily biased toward a particular position? although the content is mostly neutral, the article should address the shortcomings and weaknesses of bioinformatics and biological data in another section.
 * Are there viewpoints that are overrepresented, or underrepresented? So far the article only talks about the drawbacks of smudge attacks, mostly neutral.
 * Does the content added attempt to persuade the reader in favor of one position or away from another? Mostly neutral.

Tone and balance evaluation
Need to add more weaknesses, further research needed, and drawbacks of biological data.

Sources and References
Guiding questions:


 * Is all new content backed up by a reliable secondary source of information? Yes
 * Are the sources thorough - i.e. Do they reflect the available literature on the topic? Yes, the one source does reflect the available literature but needs to add more.
 * Are the sources current? Yes
 * Are the sources written by a diverse spectrum of authors? Do they include historically marginalized individuals where possible? yes, there is only one but that source seems to have diverse ideas. There is only 1 source, but that source is academic and relevant.
 * Check a few links. Do they work? The one source doesn't have a working link, the link gives an error.

Sources and references evaluation
Need to add more sources and make sure links are working!

Organization
Guiding questions:


 * Is the content added well-written - i.e. Is it concise, clear, and easy to read? Yes, so far it's concise!
 * Does the content added have any grammatical or spelling errors? The lead sentences can be broken down into shorter sentences. Consider using semicolons too.
 * Is the content added well-organized - i.e. broken down into sections that reflect the major points of the topic? Since the article only has one section so far, I can't tell. But for every section be sure to break them down into digestible parts that reflect the lead section.

Organization evaluation
Good organization so far, make sure when you are writing your next sections, add subsections to break down each section further.

Images and Media
Guiding questions: If your peer added images or media


 * Does the article include images that enhance understanding of the topic? Yes, but maybe include a more relevant photo? The iPad works too
 * Are images well-captioned? Yes
 * Do all images adhere to Wikipedia's copyright regulations? Yes
 * Are the images laid out in a visually appealing way? Yes

Images and media evaluation
Consider adding a couple for other ways of smudge attacks, but the photo is fine.

For New Articles Only
If the draft you're reviewing is a new article, consider the following in addition to the above.


 * Does the article meet Wikipedia's Notability requirements - i.e. Is the article supported by 2-3 reliable secondary sources independent of the subject? yes
 * How exhaustive is the list of sources? Does it accurately represent all available literature on the subject? only one source, please add more.
 * Does the article follow the patterns of other similar articles - i.e. contain any necessary infoboxes, section headings, and any other features contained within similar articles? yes
 * Does the article link to other articles so it is more discoverable? Nope, you need to try to link your article to other articles.

New Article Evaluation
Add more sources and link to other articles similar/related to yours!

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete? The content so far introduces the general concepts of Smudge attacks, but has room to improve on in adding more content! I think the picture is fine, and more information on the history/context/applications of smudge attacks could be added in your article!
 * What are the strengths of the content added? it's concise and all sentences support the lead section. also it's easy to read and the sentences form smoothly.
 * How can the content added be improved? more citations/sources for next draft, link to other articles, add some new sections, and add examples to current sections.

Overall evaluation
Good job so far! I would continue to add new contents and make sure you cite sentences or paragraphs!

Peer review (Brian)
This is where you will complete your peer review exercise. Please use the following template to fill out your review.

General info

 * Whose work are you reviewing? (provide username)
 * Hiiisparks
 * Link to draft you're reviewing:
 * User:Hiiisparks/sandbox

Lead
Guiding questions:


 * Has the Lead been updated to reflect the new content added by your peer?
 * Does the Lead include an introductory sentence that concisely and clearly describes the article's topic?
 * Does the Lead include a brief description of the article's major sections?
 * Does the Lead include information that is not present in the article?
 * Is the Lead concise or is it overly detailed?

Lead evaluation
Overall, the lead is concise and covers sections of the following body paragraphs. It is easy-to-understand and introduces the topic well.

Content
Guiding questions:


 * Is the content added relevant to the topic?
 * Is the content added up-to-date?
 * Is there content that is missing or content that does not belong?
 * Does the article deal with one of Wikipedia's equity gaps? Does it address topics related to historically underrepresented populations or topics?

Content evaluation
Overall, the content of the article is diverse and seems to cover all possible sections related to smudge attacks. Content is up-to-date and no irrelevant content is present.

Tone and Balance
Guiding questions:


 * Is the content added neutral?
 * Are there any claims that appear heavily biased toward a particular position?
 * Are there viewpoints that are overrepresented, or underrepresented?
 * Does the content added attempt to persuade the reader in favor of one position or away from another?

Tone and balance evaluation
Overall, the article is neutral and unbiased towards any particular opinions. It also contains multiple viewpoints.

Sources and References
Guiding questions:


 * Is all new content backed up by a reliable secondary source of information?
 * Are the sources thorough - i.e. Do they reflect the available literature on the topic?
 * Are the sources current?
 * Are the sources written by a diverse spectrum of authors? Do they include historically marginalized individuals where possible?
 * Check a few links. Do they work?

Sources and references evaluation
There is a wide variety and quantity of sources cited in the article. The sources are current and seem to work.

Organization
Guiding questions:


 * Is the content added well-written - i.e. Is it concise, clear, and easy to read?
 * Does the content added have any grammatical or spelling errors?
 * Is the content added well-organized - i.e. broken down into sections that reflect the major points of the topic?

Organization evaluation
The article is organized neatly, with sections and subsections clearly identifying the topic of each segment.

Images and Media
Guiding questions: If your peer added images or media


 * Does the article include images that enhance understanding of the topic?
 * Are images well-captioned?
 * Do all images adhere to Wikipedia's copyright regulations?
 * Are the images laid out in a visually appealing way?

Images and media evaluation
At the moment, no images are present in the article.

For New Articles Only
If the draft you're reviewing is a new article, consider the following in addition to the above.


 * Does the article meet Wikipedia's Notability requirements - i.e. Is the article supported by 2-3 reliable secondary sources independent of the subject?
 * How exhaustive is the list of sources? Does it accurately represent all available literature on the subject?
 * Does the article follow the patterns of other similar articles - i.e. contain any necessary infoboxes, section headings, and any other features contained within similar articles?
 * Does the article link to other articles so it is more discoverable?

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete?
 * What are the strengths of the content added?
 * How can the content added be improved?

Overall evaluation
Overall, I feel like this is a well-written and fairly detailed article on smudge attacks. My only suggestion would be to include images to further your stated examples. Good work! :)

Peer review (HanMiKC)

General info

 * Whose work are you reviewing? Hiiisparks
 * Link to draft you're reviewing: User:Hiiisparks/sandbox

Lead
Guiding questions:


 * Has the Lead been updated to reflect the new content added by your peer?
 * Does the Lead include an introductory sentence that concisely and clearly describes the article's topic?
 * Does the Lead include a brief description of the article's major sections?
 * Does the Lead include information that is not present in the article?
 * Is the Lead concise or is it overly detailed?

Lead evaluation
The lead is informative and easy to read, however there aren't any sentences that discuss the other sections in the article. While I understand that there are a lot of sections and the lead could start to get long, the lead should still include brief descriptions of main sections.

Content
Guiding questions:


 * Is the content added relevant to the topic?
 * Is the content added up-to-date?
 * Is there content that is missing or content that does not belong?
 * Does the article deal with one of Wikipedia's equity gaps? Does it address topics related to historically underrepresented populations or topics?

Content evaluation
The content added is relevant and relatively up-to-date, with the sources ranging from the span of a little less than a decade. There isn't much content that doesn't belong, except for the subsection about SmudgeSafe. If you are unable to find a reliable source on this topic then it's best to just remove it or not make it an entire subsection at least. The article is very technically-based and there isn't much talk about how underrepresented populations are affected. In my personal opinion, I feel that there are too many sections, like Password measures are examples of countermeasures, yet they are two separate sections. I think that this can make the article seem hard to navigate and remember what the original article was about in the first place.

Tone and Balance
Guiding questions:


 * Is the content added neutral?
 * Are there any claims that appear heavily biased toward a particular position?
 * Are there viewpoints that are overrepresented, or underrepresented?
 * Does the content added attempt to persuade the reader in favor of one position or away from another?

Tone and balance evaluation
The content is neutral and there are no claims that are biased. There are no viewpoints that the author pushes and doesn't persuade the reader in any way.

Sources and References
Guiding questions:


 * Is all new content backed up by a reliable secondary source of information?
 * Are the sources thorough - i.e. Do they reflect the available literature on the topic?
 * Are the sources current?
 * Are the sources written by a diverse spectrum of authors? Do they include historically marginalized individuals where possible?
 * Check a few links. Do they work?

Sources and references evaluation
The links I checked work. The sources are current, for the most part, and they reflect literature available on the subject. They are diverse in content.

Organization
Guiding questions:


 * Is the content added well-written - i.e. Is it concise, clear, and easy to read?
 * Does the content added have any grammatical or spelling errors?
 * Is the content added well-organized - i.e. broken down into sections that reflect the major points of the topic?

Organization evaluation
The content is well-written, but I think the sections could be broken down better (basically what I said for the countermeasures and password creation sections, I'm unsure why they are separated. Perhaps instead make passwords another subsection under countermeasures, unless you feel otherwise).

Images and Media
Guiding questions: If your peer added images or media


 * Does the article include images that enhance understanding of the topic?
 * Are images well-captioned?
 * Do all images adhere to Wikipedia's copyright regulations?
 * Are the images laid out in a visually appealing way?

Images and media evaluation
No images to evaluate. However, I do think that your article would greatly benefit from adding images. Due to its sheer length, pictures will help break the content down into more digestible parts.

For New Articles Only
If the draft you're reviewing is a new article, consider the following in addition to the above.


 * Does the article meet Wikipedia's Notability requirements - i.e. Is the article supported by 2-3 reliable secondary sources independent of the subject?
 * How exhaustive is the list of sources? Does it accurately represent all available literature on the subject?
 * Does the article follow the patterns of other similar articles - i.e. contain any necessary infoboxes, section headings, and any other features contained within similar articles?
 * Does the article link to other articles so it is more discoverable?

New Article Evaluation
Yes to all the points above. I think the article is well-hyperlinked and there are plenty of hyperlinks that make it more discoverable.

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete?
 * What are the strengths of the content added?
 * How can the content added be improved?

Overall evaluation
Overall, the article is very informative and well-written. The sources all look good. I would suggest putting a brief description of major sections in your lead, reorganize some of the sections, and add more images. Good job!

Review (Leadership team)
Hi Hiiisparks, I think this is a great draft so far with clear structure and comprehensive information on the topic. I personally learned a lot from your article. I really like the countermeasures section that has a nice structure and very detailed information. Also, I noticed you used 20+ sources to support your article, which is really nice and demonstrates the credibility of the article. You also have multiple hyperlinks, which is also a great way to guide your readers to more specific information. In general, I think you have a really well-structured article. Here are some specific suggestions:


 * For some long paragraphs, you only have one source to support it, such as "Multi-touch Authentication with Touch with Fingers Straight and Together (TSFT)" and "Types of Attackers". If you could, finding more sources could help make the article more objective, since we don't want to depend on one specific research too much, especially when that is not a review article. So, including more sources (either from reviews or not) on a specific topic could help make your article more objective.
 * I think you mean "on" in the sentence "method ob mobile phones at 78%."
 * "it is already" in the sentence " unless it is has already been used earlier"
 * "randomly" in "Use random generated passwords."
 * "account" in "These touch events accounts for the XY-coordinates"
 * "the" in "The amount of passwords in the subspace is the exact same as teh original Knock Code. "
 * Also, I notice the few last sentences in the second introductory paragraph do not have any citations. I would suggest you look back and find the sources which support those sentences. This is because the introductory is one of the most important and is expected to be well-supported.

In general, I think you have a great draft so far. Both the structure and information look really nice. Good job! And good luck on your final article. :)

Peer review (Madssnake)
week 11 review

Lead
Great lead! I think you do a great job introducing what a smudge attack is, and I understood right away. This is super random, but maybe clarify that people’s fingers naturally produce oils? The oily smudges from the user’s fingers seem a bit vague (edit: I saw that you discussed it later, but it would still be nice to mention here? The explanation later is a lot more complicated, so you could maybe give a simple rundown in the lead). Because you have a lot of content in the following sections it can be hard to preface it all, but I think most of it is mentioned. I would maybe elaborate on the how a tiny bit for the countermeasures sentence, because at this point in the article “TinyLock” and “SmudgeSafe” mean nothing to me (what are they? Softwares? Physical items? Maybe just add a quick note about that). Other than that, great lead!

copy edit suggestion: “...infer the most frequent user input swipes or taps.” → maybe change to “infer the most frequent swipes or taps from the user.” ? I think that flows a little better.

suggestion: include the acronym (PIN) after introducing personal identification numbers, as PIN comes up later in the next section but without really an explanation or connection.

Content
I like how you have a lot of content! Since your article is pretty much mainspace ready, here are just a few suggestions:

question (History): was the attack method first researched by them? The biggest research done on it? Only research? Maybe clarify that a bit.

copy edit suggestion (Dangers): I feel like the opening sentence should have a “but” conjunction and not an “and”? Such as “it’s an easy task, but the ramifications can greatly and negatively affect the victim.” It doesn’t have to be that, but the “and” is throwing me off…

clarification (Dangers): maybe clarify that they used facebook to create other smudges / make it harder to guess a password.

copy edit (Preserving fingerprints): don’t forget a period at the end of the second sentence. Also, maybe use regular bullet points in the visibility section? I don’t think Wikipedia articles use dashes.

suggestion (Mapping fingerprints to keypad): the Laplace edge detection algorithm term comes out of nowhere and isn’t really explained. If it is doing the sharpening, maybe do a quick description before (such as “a sharpening algorithm called the Laplace edge detection algorithm is used to sharpen the image and eliminate...”

copy edit (Differentiating between multiple fingerprints): change the “--” to “––” (if you’re on a Mac then press option while pressing dash). Last sentence of the first paragraph, remove the extra period after “AOV system” and the extra space before the citation [13] (and another extra space in the Countermeasures first paragraph, Touch-Interaction paragraph, TSFT and Bend PWs last citations, Knock code second sentence and last bullet pt).

clarification (Creating strong passwords): maybe provide a time for how frequently people should change their passwords, if any of your sources had any suggestions.

content (biometrics): I feel like you can maybe cut down on the biometrics part, but it’s also okay as is.

copy edit (TSFT): italicize et al. in second sentence.

copy edit / clarification (Knock code): is Knock Code a name? Maybe change them all to proper nouns (Code capitalized) or all to lowercase.

suggestion (Future): Your first two sentences sound a bit choppy and disconnected, maybe switch up the sentence starters.

Tone and Balance
Aside from the History section being on the shorter side, I think you do a good job of balancing out the amount of information in each section. Your tone is neutral, and you don’t try to persuade the reader to a certain side of things.

Sources and References
I like how you have a lot of Wikipedia articles linked, but I think you could add more––particularly to nouns or things that you list as examples for certain explanations, but don’t elaborate further on (edit, I wrote this when reading the lead, and saw that you added links to the main sections of those things (like biometrics). Maybe you could double link, so people can get an idea of something when they first come across the word, but I also think it’s good as is now). Also, great job getting a lot of sources! Just remember to add a source where you left a [citation needed] placeholder.

Organization
I think you have a well organized article, and the section ordering flows well. I don’t quite remember where it was instructed, but your sections titles don’t need “smudge attacks” repeated and all but the first word should be in lowercase if it is not a proper noun. Fix the titles and you should be all set.

Overall impressions
Overall, super amazing article. You write really well, and I learned a lot after reading this article. Aside from the smaller suggestions I have listed above, I think this is definitely mainspace ready! And, if you use the image from the original article, I think that would be a nice visual, although is there an image that shows clearer swipes or taps? That might be better suited for the article rather than one that simply depicts smudges. Great job Hiiisparks! Madssnake (talk) 06:21, 4 December 2020 (UTC)

Lead
Great lead! It is well-written, detailed (but overly so), and has citations.

Content
The content added is relevant and up-to-date.

Tone and Balance
The content's tone is neutral for the most part. Be careful at the end in your "Future" section; it can seem like you are trying to convince the reader that the future may lead the ways you describe. Instead, attribute those predictions to authors to make your article more neutral. Otherwise, the claims are not heavily biased towards any particular position and there are no over- or under- represented viewpoints.

Sources and References
The content is backed up by reliable secondary sources of information. The sources are thorough, written by a diverse spectrum of authors, and current (the most recent source is from 2020). I checked a few links, which worked.

Organization
The content is well-written, concise, and very easy to read. It is also very well-organized.

Suggestion: You mention Laplace suddenly in the "Mapping fingerprints to keypad" section. Maybe introduce it in that section (what it is, who made it, why it's important).

Copy-edit suggestions:

General:

- Make sure your section titles are not capitalized after the first letter. Ex. "Dangers of Smudge Attacks" should be "Dangers of smudge attacks" and "Preserving Fingerprints" should be "Preserving fingerprints"

- Your use of numbers should be consistent. Sometimes you spell out single-digits, other times you write their Arabic numeral.

"Dangers of smudge attacks" section:

- Change "Smudge attacks not only can be performed on" to "Smudge attacks can not only be performed on"

- Change "screens" to "screen" in "Those who use touch screens devices"

- Change "at" to "with" in "These kits increase the ease at which an attacker"

"Methods and techniques" section:

- Change "who" to "whom" in "between the user's fingerprints and those with who the device is shared"

- Delete "to" in "to fill in the contact region"

- Is "transform" correct in "the transform is applied to the test image"?

- Add a comma after "e.g." in "(e.g. n-gram Markov model)"

"Types of vulnerable security methods" section:

- Add "PINs" after "six-digit" in "six-digit have 1,000,000."

- Change "Test" to "Text" in "Test-based passwords"

- Change "is" to "are" in "is a popular type of security measure that people use to lock their phones" (Or, even better, change the phrase to "A text-based password is a popular type of....")

- "allows the user to draw a password as long as they want" -- As long as they want to? Are you talking about the user being allowed to opt-in to having a password?

- Delete ":" in "Android Pattern Passwords:" section title

"Countermeasures" section:

- Delete the first "The" and add commas to "15009" and "10054" in "The Muhammad et al. conduct an experiment using the BEAT method on Samsung smartphones and tablets and found that after collecting 15009 gesture samples and 10054 signature samples, the error rate of 3 gestures is 0.5% and about 0.52% for one signature."

- Delete "is" in "This method is mitigates smudge attacks because the smudges are all smushed together"

- Change "smudges" to "smudge" in "thus being more protected from smudges attacks than Android pattern lock"

- "and there are horizontal that track the finger length differences and vertical tracks the finger width" -- Horizontal and vertical what?

- Change "uses" to "use" in "and two fingers uses 3"

- Add a dash between "multi bend" in "multi bend gesture by simultaneously bending pairs of corners."

- Delete the space after "recall- based" in "This process combines recognition-based and cued recall- based authentication"

- Change the comma before "To" to a period in "In the Sierpinski triangle, a selected colored pattern is created during the registration and is hidden in the device, To"

- Change "1 x 1" in the heading to "1 x 2" in "2 x 2 and 1 x 1 Knock Code"

- Change "resistance" to "resistant" in "were more resistance to smudge attacks."

Images and Media
N/A. Try to find and add some pictures to your mainspace version if you can! They can be diagrams about the password authentication methods, which would help readers visualize the different methods.

For New Articles Only
The article meets Wikipedia's Notability requirements. The list of sources is exhaustive. The article links to other articles so it is more discoverable.

Overall impressions
Guiding questions:


 * Has the content added improved the overall quality of the article - i.e. Is the article more complete?
 * What are the strengths of the content added?
 * How can the content added be improved?

Overall evaluation
Really great job on this article. I was impressed with how much you covered. You explain technical terms and ideas in an easily accessible, understandable manner. I learned a lot from your article, which was very interesting (especially for someone with way too many passwords at the moment). After you've addressed the copy-edits, your article should be well on its way to being an awesome page in the Wikipedia mainspace. Great job!

Lead
The lead includes an introductory that is concise, but I would like a clearer explanation of what an information extraction attack is, even if it probably is self explanatory. Also would a citation to the information extraction wiki be useful?

Content
The content is up to date and provides a load of information.

Tone and Balance
For the most part the article maintains a neutral tone. One suggestion I have is under Dangers of smudge attack, "the human tendency" seems like an opinion. I noticed there is a citation, but I would personally cite the study or author to make it sound more neutral. This is just my personal opinion though.

Sources and References
For the most part, the article has good citations, and the parts where they are missing are already noted.

Organization
The content is well written with no grammatical or spelling errors that I could find. The content is also well organized by headers.

Images and Media
N/A.

Overall impressions
Overall this is a very concise and well written article. The article provides a lot of information and is backed by multiple sources. Keep up the good work, it looks great.