“…Markov models have proven a useful tool to model userchosen authentication secrets in the past, both for passwords [21], [17], [11] and Android Unlock patterns [30]. We expect them to provide reasonable predictions for the studied EmojiAuth scheme as well, specifically in the light of previous work by Kraus et al [15] which found that common (self-reported) strategies for selecting passcodes were based on creating a story, repeating events of my life, and visual patterns "A-B-A-B". (Note that other common strategies did not necessarily involve a specific order of emoji, such as important things of their lives or tried to select a random passcode, and are thus less well modeled by Markov models.…”