Researchers in the United States have demonstrated that free-form lines and squiggles are much harder to imitate and so make for more secure digital passwords.

Much research is currently going into how to create and protect passwords for digital devices. Passwords are nowadays such commonplace things but protecting them poses a sizeable challenge now that everything is going digital and cyber-attacks are frequent. Recently researchers have come up with the idea of visual recognition of evocative images and GeoGraphical passwords. Now a new study has shown the effectiveness of using free-form gestures to guarantee password security. At the Department of Electrical and Computer Engineering at the School of Engineering at Rutgers University in the United States, Janne Lindqvist, one of the project leaders, has been working in collaboration with the Max Planck Institute for Informatics and the University of Helsinki to study the use of free-form lines and shapes as a way of enabling secure authentication. “With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical,” Lindqvist underlines.

Free squiggles a new option for security protection

The study, believed to be the first to explore free-form gestures as passwords, was officially unveiled at the MobiSys 2014 international conference on mobile systems, applications, and services held on 16-19 June at Bretton Woods, New Hampshire, USA. Free-form gestures – sweeping one’s fingers across a touchscreen to create lines and shapes – can be set up in the same way as a personal password in order to identify the user. “We saw that this security protection option was clearly missing in the scientific literature and also in practice, so we decided to test its potential, Lindqvist told the audience.  The Rutgers team asked sixty-three study participants to create a free gesture, recall it, and recall it again ten days later. The squiggles were captured on a recogniser system designed by the team. Using this data, the researchers obtained impressive results for the memorability of free-form gestures and have also invented a novel method to measure the complexity and accuracy of each gesture created.

Free-form ‘passwords’ are harder to steal

In contrast with traditional ID authentication methods – alphanumeric characters or ‘connect-the-dots’ grid patterns – this free-form gesture method is arguably much more effective as it is more difficult to replicate. “All it takes to steal a password is a quick eye," points out Lindqvist. To test out their analysis, the Rutgers researchers asked computer science and engineering students to do some ‘shoulder surfing’ to try to steal the free-form ‘passwords’. Despite their considerable experience with touchscreens, the students were not able to reproduce the patterns. There are no plans at the moment for widespread use of this ID technology, but the research team plans to continue analysing the security and management of this type of secure authentication.

By Eliane HONG