We study the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose.
Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. Our work shows that free-form gestures present a robust method for mobile authentication.
Janne Lindqvist is an assistant professor of electrical and computer engineering and a member of WINLAB at Rutgers University. Janne directs the Rutgers Human-Computer Interaction Laboratory. From 2011-2013, Janne was an assistant research professor of ECE at Rutgers. Prior to Rutgers, Janne was a post-doc with the Human-Computer Interaction Institute at Carnegie Mellon University’s School of Computer Science. Janne received his M.Sc. degree in 2005, and D.Sc. degree in 2009, both in Computer Science and Engineering from Helsinki University of Technology, Finland.
He works at the intersection of human-computer interaction, mobile computing and security engineering. Before joining academia, Janne co-founded a wireless networks company, Radionet, which was represented in 24 countries before being sold to Florida-based Airspan Networks in 2005. His work has been featured several times in MIT Technology Review and recently also in The New York Times, Computerworld, IEEE Spectrum, Yahoo! News, phys.org, Tech Republic, and over 200 other online venues around the world. During his first year at Rutgers, Janne was awarded three NSF grants totaling nearly $1.3 million and a MobiCom best paper award.