The researchers say free form gestures could be more secure than passwords or “connect-the-dots” grid features.
Researchers from Rutgers School of Engineering in the US are exploring whether or not free form gestures could be used as a secure password.
A study by the researchers found that the free-form gestures, sweeping fingers in shapes across the screen of a smart phone or tablet, can replace password to unlock phones, access apps.
The researchers say free form gestures could be more secure than passwords or "connect-the-dots" grid features as the later can be easily memorised by ‘shoulder surfers’ who spy on users.
According to the researchers, the free form gestures could be complex compared to grid-based gestures as users create them without following a template.
Rutgers School of Engineering’s Department of Electrical and Computer Engineering assistant professor and one of the leaders of the project, Janne Lindqvist, said: "All it takes to steal a password is a quick eye."
"With all the personal and transactional information we have on our phones today, improved mobile security is becoming increasingly critical," Lindqvist added.
In order to assess the practicality of the method, researchers from Rutgers and collaborators from Max-Planck Institute for Informatics, including Antti Oulasvirta, and University of Helsinki studied the free-form gestures for access authentication.
During the study, the researchers applied a generate-test-retest paradigm where 63 participants were asked to draw a gesture, recall it, and recall it again 10 days later.
A recogniser system designed by the researchers captured the gestures and based on the data they tested the memorability of the gestures and found that the gestures can be used as passwords.
"You can create any shape, using any number of fingers, and in any size or location on the screen," Lindqvist said.
"We saw that this security protection option was clearly missing in the scientific literature and also in practice, so we decided to test its potential."
The researchers are now further testing their preliminary findings whether it can be used at wider scale though it appears as a better way to prevent password breaches.
The finding will be published in June MobiSys ’14, an international conference in mobile computing.