Are squiggly lines the future of password security?

June 04, 2014

As more people use smart phones or tablets to pay bills, make purchases, store personal information and even control access to their houses, the need for robust password security has become more critical than ever.

A new Rutgers University study shows that free-form gestures - sweeping fingers in shapes across the screen of a smart phone or tablet - can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer "connect-the-dots" grid exercises to be observed and reproduced by "shoulder surfers" who spy on users to gain unauthorized access.

"All it takes to steal a password is a quick eye," said Janne Lindqvist, one of the leaders of the project and an assistant professor in the School of Engineering's Department of Electrical and Computer Engineering. "With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical."

Lindqvist believes this is the first study to explore free-form gestures as passwords. The researchers will publish their findings in June as part of the proceedings of MobiSys '14, a premier international conference in mobile computing.

In developing a secure solution to this problem, Lindqvist and the other researchers from Rutgers and collaborators from Max-Planck Institute for Informatics, including Antti Oulasvirta, and University of Helsinki studied the practicality of using free-form gestures for access authentication. With the ability to create any shape in any size and location on the screen, the gestures had an inherent appeal as passwords. Since users create them without following a template, the researchers predicted these gestures would allow for greater complexity than grid-based gestures offer.

"You can create any shape, using any number of fingers, and in any size or location on the screen," Lindqvist said. "We saw that this security protection option was clearly missing in the scientific literature and also in practice, so we decided to test its potential."

To do so, the researchers applied a generate-test-retest paradigm where 63 participants were asked to create a gesture, recall it, and recall it again 10 days later. The gestures were captured on a recognizer system designed by the team. Using this data, the authors tested the memorability of free-form gestures and invented a novel method to measure the complexity and accuracy of each gesture using information theory. Their analysis demonstrated results favorable to user-generated, free-form gestures as passwords.

To put their analysis to practice, the Rutgers researchers then had seven computer science and engineering students, each with considerable experience with touchscreens, attempt to steal a free-form gesture password by shoulder surfing. None of the participants were able to replicate the gestures with enough accuracy, so while testing is in its preliminary stages, the gestures appear extremely powerful against attacks. While widespread adaptation of this technology is not yet clear, the research team plans to continue to analyze the security and management of free-form passwords in the future.
-end-


Rutgers University

Related Engineering Articles from Brightsurf:

Re-engineering antibodies for COVID-19
Catholic University of America researcher uses 'in silico' analysis to fast-track passive immunity

Next frontier in bacterial engineering
A new technique overcomes a serious hurdle in the field of bacterial design and engineering.

COVID-19 and the role of tissue engineering
Tissue engineering has a unique set of tools and technologies for developing preventive strategies, diagnostics, and treatments that can play an important role during the ongoing COVID-19 pandemic.

Engineering the meniscus
Damage to the meniscus is common, but there remains an unmet need for improved restorative therapies that can overcome poor healing in the avascular regions.

Artificially engineering the intestine
Short bowel syndrome is a debilitating condition with few treatment options, and these treatments have limited efficacy.

Reverse engineering the fireworks of life
An interdisciplinary team of Princeton researchers has successfully reverse engineered the components and sequence of events that lead to microtubule branching.

New method for engineering metabolic pathways
Two approaches provide a faster way to create enzymes and analyze their reactions, leading to the design of more complex molecules.

Engineering for high-speed devices
A research team from the University of Delaware has developed cutting-edge technology for photonics devices that could enable faster communications between phones and computers.

Breakthrough in blood vessel engineering
Growing functional blood vessel networks is no easy task. Previously, other groups have made networks that span millimeters in size.

Next-gen batteries possible with new engineering approach
Dramatically longer-lasting, faster-charging and safer lithium metal batteries may be possible, according to Penn State research, recently published in Nature Energy.

Read More: Engineering News and Engineering Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.