Featured Research

from universities, journals, and other organizations

Are squiggly lines the future of password security?

Date:
June 4, 2014
Source:
Rutgers University
Summary:
As more people use smart phones and tablets to store personal information and perform financial transactions, the need for robust password security is more critical than ever. A new study shows that free-form gestures -- sweeping fingers in shapes across the screen -- can be used to unlock phones and grant access to apps. These gestures are less likely to be observed and reproduced by 'shoulder surfers' who spy on users to gain unauthorized access.

Researchers studied the practicality of using free-form gestures for access authentication on smart phones and tablets. With the ability to create any shape in any size and location on the screen, the gestures had an inherent appeal as passwords. Since users create them without following a template, the researchers predicted these gestures would allow for greater complexity than grid-based gestures offer.
Credit: Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, and Teemu Roos; Rutgers University, Max-Planck Institute for Informatics and University of Helsinki.

As more people use smart phones or tablets to pay bills, make purchases, store personal information and even control access to their houses, the need for robust password security has become more critical than ever.

A new Rutgers University study shows that free-form gestures -- sweeping fingers in shapes across the screen of a smart phone or tablet -- can be used to unlock phones and grant access to apps. These gestures are less likely than traditional typed passwords or newer "connect-the-dots" grid exercises to be observed and reproduced by "shoulder surfers" who spy on users to gain unauthorized access.

"All it takes to steal a password is a quick eye," said Janne Lindqvist, one of the leaders of the project and an assistant professor in the School of Engineering's Department of Electrical and Computer Engineering. "With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical."

Lindqvist believes this is the first study to explore free-form gestures as passwords. The researchers will publish their findings in June as part of the proceedings of MobiSys '14, an international conference in mobile computing.

In developing a secure solution to this problem, Lindqvist and the other researchers from Rutgers and collaborators from Max-Planck Institute for Informatics, including Antti Oulasvirta, and University of Helsinki studied the practicality of using free-form gestures for access authentication. With the ability to create any shape in any size and location on the screen, the gestures had an inherent appeal as passwords. Since users create them without following a template, the researchers predicted these gestures would allow for greater complexity than grid-based gestures offer.

"You can create any shape, using any number of fingers, and in any size or location on the screen," Lindqvist said. "We saw that this security protection option was clearly missing in the scientific literature and also in practice, so we decided to test its potential."

To do so, the researchers applied a generate-test-retest paradigm where 63 participants were asked to create a gesture, recall it, and recall it again 10 days later. The gestures were captured on a recognizer system designed by the team. Using this data, the authors tested the memorability of free-form gestures and invented a novel method to measure the complexity and accuracy of each gesture using information theory. Their analysis demonstrated results favorable to user-generated, free-form gestures as passwords.

To put their analysis to practice, the Rutgers researchers then had seven computer science and engineering students, each with considerable experience with touchscreens, attempt to steal a free-form gesture password by shoulder surfing. None of the participants were able to replicate the gestures with enough accuracy, so while testing is in its preliminary stages, the gestures appear extremely powerful against attacks. While widespread adaptation of this technology is not yet clear, the research team plans to continue to analyze the security and management of free-form passwords in the future.


Story Source:

The above story is based on materials provided by Rutgers University. Note: Materials may be edited for content and length.


Cite This Page:

Rutgers University. "Are squiggly lines the future of password security?." ScienceDaily. ScienceDaily, 4 June 2014. <www.sciencedaily.com/releases/2014/06/140604203259.htm>.
Rutgers University. (2014, June 4). Are squiggly lines the future of password security?. ScienceDaily. Retrieved July 24, 2014 from www.sciencedaily.com/releases/2014/06/140604203259.htm
Rutgers University. "Are squiggly lines the future of password security?." ScienceDaily. www.sciencedaily.com/releases/2014/06/140604203259.htm (accessed July 24, 2014).

Share This




More Computers & Math News

Thursday, July 24, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Creative Makeovers for Ugly Cellphone Towers

Creative Makeovers for Ugly Cellphone Towers

AP (July 24, 2014) — Mobile phone companies and communities across the country are going to new lengths to disguise those unsightly cellphone towers. From a church bell tower to a flagpole, even a pencil, some towers are trying to make a point. (July 24) Video provided by AP
Powered by NewsLook.com
Robot Parking Valet Creates Stress-Free Travel

Robot Parking Valet Creates Stress-Free Travel

AP (July 23, 2014) — 'Ray' the robotic parking valet at Dusseldorf Airport in Germany lets travelers to avoid the hassle of finding a parking spot before heading to the check-in desk. (July 23) Video provided by AP
Powered by NewsLook.com
Facebook Earnings Put Smile on Investors Faces

Facebook Earnings Put Smile on Investors Faces

Reuters - Business Video Online (July 23, 2014) — Facebook earnings beat forecasts- with revenue climbing 61 percent. Bobbi Rebell reports. Video provided by Reuters
Powered by NewsLook.com
StubHub Caught in Global Cyber Crime Ring

StubHub Caught in Global Cyber Crime Ring

Reuters - Business Video Online (July 23, 2014) — eBay's StubHub is caught up in an international cyber crime ring stretching from North America to Europe. Conway G. Gittens reports. Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins