With smartphone ownership in the UK at over 70%, and with the freedom of movement these devices allow us through features such as internet access on the go, our smartphones carry an increasing amount of personal information.
And often, there is just a single layer of security protecting all of a person’s emails, text messages, bank accounts, and social media profiles.
Typically this is the credential that unlocks the home screen: a password, a pattern, a fingerprint, or potentially a new type of free-form gesture.
Free-form gesture passwords have been recently proposed as an alternative for mobile user authentication by leading researchers in the US.
Free-form gesture passwords allow users to draw any shape or pattern on a blank touchscreen display using one or more fingers.
Additionally, these gestures have been shown to be more secure, memorable, and faster to input than conventional smartphone authentication methods. As users draw a shape or picture on the screen, the device tracks where their fingers move and how quickly (or slowly) they do so.
Furthermore, a gesture can incorporate multiple finger inputs (drastically increasing its security). It goes without saying that gesture passwords conform much more easily to the form factor of mobile and tablet devices.
Because smartphones offer only small buttons for entering numbers and punctuation marks, text passwords can be hard and cumbersome for some users to input on mobile devices.
As a result, people tend to instead rely on PIN codes. Whilst these are faster to input, they are more easily guessed.
They are typically short sequences, around four digits, and are often chosen in predictable ways: for example, using birth dates.
On the other hand, some Android devices allow users to choose a connect-the-dots pattern on a grid on the screen, but those can be even less secure than four-digit PINs.
With regard to biometric sensors, such as fingerprint readers, it might seem that these would be the strongest form of authentication. Whilst correct in one sense, since these biometric measurements are unique to each person, most systems that allow fingerprint access also require a PIN or password as a backup.
This means a determined hacker could simply skip the biometric step and instead just start guessing the password or PIN.
The following is a comparison of security between common authentication methods:
- Five-letter password: 5,904,900,000 permutations (based on 90 available characters on the US English keyboard).
- Five-point pattern: 15,120 permutations (based on 9 points to choose from and starting on the middle point).
- Four-digit PIN: 9,999 permutations.
From this it is clear that passwords are much more secure than patterns, and then again patterns are more secure than PINs. Whilst permutation numbers of free-form gestures are comparable to those of five-letter passwords, the simplicity and speed of input significantly favour free-form gesture authentication.
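The search-space figures in the comparison above can be reproduced with a short script; this is an added example, not part of the original article. It goes beyond the list by also counting five-point patterns under the Android lock-screen rule that a stroke cannot jump over a dot that has not yet been visited, which is an assumption the article does not state, and all function names are illustrative.

```python
import math

# Dots are numbered 0..8, row by row, on the 3x3 grid.
# SKIP[(a, b)] is the dot lying exactly between a and b. Under the Android
# rule (an assumption, not stated in the article) a stroke from a to b is
# only allowed once that middle dot has already been visited.
SKIP = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7),   # rows
                  (0, 6, 3), (1, 7, 4), (2, 8, 5),   # columns
                  (0, 8, 4), (2, 6, 4)]:             # diagonals
    SKIP[(a, b)] = SKIP[(b, a)] = mid

def password_space(alphabet=90, length=5):
    """Strings of `length` characters drawn from `alphabet` symbols."""
    return alphabet ** length

def pin_space(digits=4):
    """Every code from 0000 through 9999 for four digits."""
    return 10 ** digits

def pattern_space_unconstrained(points=5):
    """Ordered choices of distinct dots with no drawing rule applied."""
    return math.perm(9, points)

def pattern_space_android(points=5):
    """Patterns that can actually be drawn under the skip rule."""
    def extend(last, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if nxt in visited:
                continue
            mid = SKIP.get((last, nxt))
            if mid is not None and mid not in visited:
                continue  # would jump over an unvisited dot
            total += extend(nxt, visited | {nxt}, remaining - 1)
        return total
    return sum(extend(s, {s}, points - 1) for s in range(9))

def compare():
    """Search-space size and equivalent bits for each method."""
    sizes = {
        "five-letter password": password_space(),
        "five-point pattern (no rule)": pattern_space_unconstrained(),
        "five-point pattern (skip rule)": pattern_space_android(),
        "four-digit PIN": pin_space(),
    }
    return {name: (n, round(math.log2(n), 1)) for name, n in sizes.items()}

if __name__ == "__main__":
    for name, (n, bits) in compare().items():
        print(f"{name:32s} {n:>14,d}  ~{bits} bits")
```

With the skip rule applied, the count of drawable five-point patterns falls below the four-digit PIN space, which matches the earlier remark that grid patterns can be even less secure than PINs.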
In conclusion, whilst this authentication method is still a long way from being realised on mobile and tablet platforms, studies have provided compelling evidence that supports the security and ease of input of gesture-based authentication over more traditional authentication methods.
Dylan, Consultant, Leyton UK