We propose a novel tap-based mobile user authentication system that enables users to authenticate
themselves by performing tap patterns on the back of the device. With this approach, the user first
selects a pattern as her password, then performs it to authenticate herself. On each authentication
attempt, the system compares the data from the built-in microphone and accelerometer with the
password, then authenticates the user when they are similar. Since the proposed approach requires
performing the tap patterns on the back of the device, it increases security by reducing the risks of
shoulder surfing, smudge, and video attack. In a user study, the approach yielded 70% accuracy
rate with just three samples, and was secure (17% successful attack rate) even in an ideal shoulder
surfing threat model. Further, most participants found it easy-to-use, felt secure while using it, and
wanted to keep using it on their devices.