In the first field test of its type, the group installed an app on to 91 different Android phones, some of whom used a text-based password system, and the others the free-form gesture password. The app prompted the user to create, recall, regenerate, and input passwords for a variety of apps.
While Android phone users may be familiar with a gesture unlock system, it follows a strict pattern dictated by points on the screen. A free-form passcode doesn’t. Shapes, letters, words, symbols, or collections of lines can be used as passwords, made using one or more fingers. It’s an evolution of the gesture-based shortcuts we also see on some Android phones — Oppo and ZTE, for example, use gesture shortcuts to quickly access often used apps.
In the experiment, shapes such as a square, heart, triangle, and a star were the most popular free-form gesture passcodes used. These took less time to create than a text-based password — even when they were particularly complex — and made opening an app faster. Cutting down the time it takes to enter a passcode increases the chances of one being used at all, and also fits in with the way we use our phones, where speed is usually of the essence.
Remembering passwords is a big problem, especially when we should use different ones for different accounts. The research showed that even those who were testing the system with six accounts had an 83-percent success rate after a week, equal to text passwords. However, the amount of wrong password errors was lower for gestures than for text codes, after an hour of setting the code up. The main problem for remembering gesture passwords tended to be mistakenly reversing, rotating, or mirroring the pattern; but people were more likely to continue trying to re-enter a gesture code multiple times than those attempting to remember a text code.
There are clear advantages to using free-form gestures as security on a phone — not least the large touchscreen area to create and input them — but how secure are they? The tests carried out by the university showed the passcodes equaled text passwords for security, but it points out this wasn’t the focus of the study, and in-depth tests weren’t possible. However, it’s hoped the research will push other groups to investigate this further.
Editors' Recommendations
- Yubico has a new Lightning-based YubiKey to lock down your iOS devices
- How to password protect an Excel file
- ‘Fortnite’ security flaw let hackers spy on players through microphones
- Latest SMS breach could allow hackers access to your online accounts
- These are the worst passwords of 2018. Is yours on this list?
