As more people use smartphones or tablets to pay bills, make purchases, store personal information and even control access to their houses, the need for robust password security has become more critical than ever, researchers said.
A new Rutgers University study shows that free-form gestures - sweeping fingers in shapes across the screen of a smart phone or tablet - can be used to unlock phones and grant access to apps.
These gestures are less likely than traditional typed passwords or newer "connect-the-dots" grid exercises to be observed and reproduced by "shoulder surfers" who spy on users to gain unauthorised access.
"With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical," said Lindqvist.
More From This Section
Lindqvist and the other researchers from Rutgers and collaborators from Max-Planck Institute for Informatics, and University of Helsinki studied the practicality of using free-form gestures for access authentication.
With the ability to create any shape in any size and location on the screen, the gestures had an inherent appeal as passwords. Since users create them without following a template, the researchers predicted these gestures would allow for greater complexity than grid-based gestures offer.
The researchers applied a generate-test-retest paradigm where 63 participants were asked to create a gesture, recall it, and recall it again 10 days later.
The gestures were captured on a recogniser system designed by the team. Using this data, the authors tested the memorability of free-form gestures and invented a novel method to measure the complexity and accuracy of each gesture using information theory.
Their analysis demonstrated results favourable to user-generated, free-form gestures as passwords.
The researchers then had seven computer science and engineering students, each with considerable experience with touch-screens, attempt to steal a free-form gesture password by shoulder surfing.