Free-form gestures may replace PINs and passwords on phones
comments
Following a number of high-profile security breaches, experts are once again predicting the demise of traditional passwords, but what is the alternative?
Researchers from New Jersey believe they've come up with a solution that adds a new, more secure spin to the grid-based patterns currently used on iPhones and Android devices.
It is the first free-form gesture password system that lets someone access a tablet, phone or computer simply by mimicking their previous motion on screen.
Scroll down for video
Researchers have studied the practicality of using free-form gestures (pictured) for access authentication on smart phones and tablets. With the ability to create any shape in any size and location on the screen, the gestures had an inherent appeal as passwords and were harder to copy by hackers
As more people use smart phones or tablets to pay bills, make purchases, store personal information and even control access to their houses, the need for robust password security has become more critical than ever.
IS YOUR FACE THE MOST SECURE PASSWORD?
It may not have all the bells and whistles, or the expense, of Apple's fingerprint scanner, but Google does offer an alternative way to unlock an Android phone - and it involves using your face.
The Face Unlock feature was originally introduced in 2011 as part of Android 4.0, also known as Ice Cream Sandwich, but despite this, it is still a relatively unknown tool.
It can recognise a person's face, and recent updates mean it can even establish whether or not the face being shown to the camera is real, or is a photograph.
Once a photograph is taken it is stored in an encrypted file and each time a person wants to unlock their phone with their face, the Android system will cross-reference the image with this original photograph.
The study by Rugers University in New Jersey shows that free-form gestures - sweeping fingers in shapes across the screen of a smart phone or tablet - can be used to unlock phones and grant access to apps.
These gestures are less likely than traditional typed passwords or newer 'connect-the-dots' grid exercises to be observed and reproduced by 'shoulder surfers' who spy on users to gain unauthorized access.
'All it takes to steal a password is a quick eye,' said Janne Lindqvist, one of the leaders of the project and an assistant professor in the School of Engineering's Department of Electrical and Computer Engineering at Rutgers University.
'With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical.'
Lindqvist believes this is the first study to explore free-form gestures as passwords.
The researchers will publish their findings this month as part of the proceedings of MobiSys 2014 - an international conference in mobile computing.
In developing a secure solution to this problem, Lindqvist and the other researchers from Rutgers and collaborators from Max-Planck Institute for Informatics and University of Helsinki studied the practicality of using free-form gestures for access authentication.
With the ability to create any shape in any size and location on the screen, the gestures had an inherent appeal as passwords.
Since users create them without following a template, the researchers predicted these gestures would allow for greater complexity than grid-based gestures offer.
Most passwords today are in the form of text or a pin (stock image shown), but future authentication for machines may be more possible with free-form gestures. Some modern devices like Android smartphones already employ a grid-based password system, while Microsoft's Windows 8 has a 'picture password' method
'You can create any shape, using any number of fingers, and in any size or location on the screen,' Lindqvist said.
'We saw that this security protection option was clearly missing in the scientific literature and also in practice, so we decided to test its potential.'
To do so, the researchers applied a generate-test-retest paradigm where 63 participants were asked to create a gesture, recall it, and recall it again 10 days later.
The gestures were captured on a system designed by the team.
Using this data, the authors tested the memorability of free-form gestures and invented a novel method to measure the complexity and accuracy of each gesture using information theory.
To put this analysis into practice, the Rutgers researchers then had seven computer science and engineering students, each with considerable experience with touchscreens, attempt to steal a free-form gesture password by shoulder surfing.
None of the participants were able to replicate the gestures with enough accuracy, so while testing is in its preliminary stages, the gestures appear extremely powerful against attacks.
While widespread adaptation of this technology is not yet clear, the research team plans to continue to analyse the security and management of free-form passwords in the future.
Put the internet to work for you.
0 comments:
Post a Comment