Smartphone users leave their devices entirely unprotected, but even those who choose a four-digit PIN are vulnerable to “shoulder surfers” glimpsing the code and using it later – but a new form of password could come to the rescue.Rutgers Engineering Researchers Explore the Security and Memorability of Free-form Gestures as Passwords.
Rutgers study shows that free-form gestures – sweeping fingers in shapes across the screen of a smart phone or tablet can be used to unlock phones and grant access to apps.
These gestures are less likely than traditional typed passwords or newer “connect-the-dots” grid exercises to be observed and reproduced by “shoulder surfers” who spy on users to gain unauthorized access.
“All it takes to steal a password is a quick eye,” said Janne Lindqvist, one of the leaders of the project and an assistant professor in the School of Engineering’s Department of Electrical and Computer Engineering.
“With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical.”
Lindqvist and the other researchers from Rutgers and collaborators from Max-Planck Institute for Informatics, including Antti Oulasvirta, and University of Helsinki studied the practicality of using free-form gestures for access authentication.
Users create them without following a template, the researchers predicted these gestures would allow for greater complexity than grid-based gestures offer.
The researchers applied a generate-test-retest paradigm where 63 participants were asked to create a gesture, recall it, and recall it again 10 days later. The gestures were captured on a recognizer system designed by the team.
The authors tested the memorability of free-form gestures and invented a novel method to measure the complexity and accuracy of each gesture using information theory. Their analysis demonstrated results favorable to user-generated, free-form gestures as passwords.
the Rutgers researchers then had seven computer science and engineering students, each with considerable experience with touchscreens, attempt to steal a free-form gesture password by shoulder surfing.
None of the participants were able to replicate the gestures with enough accuracy, so while testing is in its preliminary stages, the gestures appear extremely powerful against attacks.
While widespread adaptation of this technology is not yet clear, the research team plans to continue to analyze the security and management of free-form passwords in the future.
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
No comments:
Post a Comment