Mobile Technology

Finger-drawn lines could replace PINs on mobile devices

A squiggly line like this may be more secure than your PIN

Many of us now use our mobile devices for things like online banking, in crowded public places ... the sort of places where it would be easy for someone to sneak a peek as we enter our passcodes. Researchers from New Jersey's Rutgers University, however, are working on a possible alternative to those typed codes. They've discovered that passwords consisting of hand gestures used to draw free-form lines on a smartphone or tablet screen are much more difficult for "shoulder surfers" to copy after seeing.

With a traditional PIN password, thieves can steal it simply by observing which numerical keys are pressed in what order. Additionally, people in general are notorious for creating very easily-guessed passwords. Even with newer 9-dot systems in which users "connect the dots" within a grid pattern, it's still just a matter of observing what dots are connected.

User-specific abstract line gestures, though, apparently aren't so easily replicated. This is partly because they don't rely on familiar numerals or grid points, which are easier to recognize and memorize.

They also allow for a greater number of variables that have to be successfully copied. These could include not only the shape and size of the lines, but also their location on the screen, the velocity and pressure at which they're drawn, and the number of fingers applied to the screen at once (in the case of multiple lines drawn simultaneously).

In a study that Rutgers carried out in collaboration with the Max-Planck Institute for Informatics and the University of Helsinki, 63 volunteers were required to come up with their own free-form line gesture passwords, which they had to successfully recall both immediately and 10 days later. When a group of seven shoulder surfers tried to replicate those gestures after spying on the volunteers, they were unable to do so with enough accuracy for a computer to consider it a match.

Although there are still some logistical challenges to be met (such as how someone would write such a password on paper to remind themselves, should they forget it), Rutgers states that the system appears to be "extremely powerful against attacks."

Source: Rutgers School of Engineering

5 comments
Tom Swift
Or maybe you could just copy Apple and put fingerprint ID into the device.
Bob Flint
What is the difference from a signature, which you can see, and can that will vary greatly?
Try to retrace the pattern to what degree of accuracy?
Too generous, and anyone can trace follow the screen smudges, or maybe thermal scan to see your pattern.
63 volunteers were required to come up with their own free-form line gesture passwords, that they had to successfully recall both immediately and 10 days later. DID THEY?
StWils
I get the idea but how does one safely write down the password, like we all do, in case one forgets it, like we all do sooner or later?
sieler
Hope they're not filing patents ... saw this technology demonstrated back in 1979 or 1980 by a vendor hoping to sell it to Hewlett-Packard. It was impressive, but...HP management wasn't interested in security then.
Slowburn
Just glance over your shoulder and if anybody appears to be watching brain them with a crow bar.