NPR logo Key To Securing Online Accounts May Be Just A Squiggle Away

All Tech Considered

Key To Securing Online Accounts May Be Just A Squiggle Away

Don't forget your squiggle. i
Corbis
Don't forget your squiggle.
Corbis

We've come a long way in the information age. We know how to put data on the cloud. We hold mobile devices that can carry as much music as a record store. We've figured out how to send photos to friends with lightning speed — and make them self-destruct after 10 seconds. And yet we haven't quite figured out passwords.

When security researchers announced earlier this year that the "Heartbleed" bug was making accounts on popular sites like Gmail vulnerable, we reset them. But with dozens of digital accounts — from e-banking and email to online shopping and social networking — who can remember all those characters on all those sites? Add to that the troublesome fact that many people still resort to terribly predictable passwords such as "123456," "abc123" or — the most ridiculous — "password." It's high time we rethink our security strategies in this digital age.

But before you pull out a dictionary in search of complicated words that no one knows, it might just come down to a simple technique you probably mastered in preschool: drawing a squiggly line.

Engineering researchers at Rutgers University have discovered that free-form symbols might be the ultimate password. They explored this technique in a study with 63 participants who were asked to create a gesture and then remember it later on; the results were favorable, according to researchers. The uniqueness of someone's squiggle makes it a tough password to rip off.

The idea with gesture passwords could disrupt Apple's familiar keypad or thumbprint passwords on iOS, Google's connect-the-dots pattern passwords on Android or even Microsoft's "picture password" on Windows. Instead of being limited to the password possibilities on those systems, free-form gestures would take advantage of an entire touchscreen. The technology would "notice" the speed at which you draw the lines and the sharpness of your angles.

"All it takes to steal a password is a quick eye," Janne Lindqvist, one of the project leaders at Rutgers, said in a statement.

The researchers say "shoulder surfers" who peep on others to steal passwords can more easily reproduce typed or connect-the-dots passwords. With free-form passwords on touchscreen devices, however, a user would not be limited to any certain shape or size and could use any part of the screen and any number of fingers. That means hackers would have a much harder time trying to replicate a unique drawing.

Gesture passwords could be our ticket to a world where we don't have to hit "I forgot my password" every other day.

Then again, better not forget your squiggly line.

Vignesh Ramachandran is a tech buff and journalist working in the San Francisco Bay Area. Follow him on Twitter @VigneshR.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.