She then offered the iPad to me. On-screen, the app showed green tracks so I could drag my fingers along the same lines Sae-Bae did. Our hands are similar in size, so her hand-spread matched mine. Yet while I moved along the tracks, I noticed their paths felt uncomfortable and unnatural to me. Once I finished the gesture, I got a green frowning face to show I was locked out.
In two recent studies, Sae-Bae, who is studying for her doctorate at the Polytechnic Institute of New York University, has found that apps such as these could be secure, more memorable and more fun alternatives to passcodes and passwords. Sae-Bae's work is in its early stages, but she and her adviser, Nasir Memon, hope that in the future, gestures and swipes will prove to be a better alternative to passwords, crafted especially for the touch screen age.
"I think we are at a window of opportunity where the interface is changing," Memon said. He and Sae-Bae recently published a paper that discussed not only the proliferation of smartphones and tablets, but also research into making fabric and paper into touch-sensitive technology. Passwords are especially difficult to type into touch-screen devices, Memon added.
"They have some encouraging results," Kevin Bowyer, a computer scientist at the University of Notre Dame, wrote to TechNewsDaily in an email. (Bowyer studies biology-based password alternatives, called biometrics, but was not involved in Memon's work.) Bowyer added that Sae-Bae and Memon haven't tested swipes in enough people to prove they are able to distinguish individuals in a large population, such as all the people who use an email service. But it does look like gestures are enough to keep a handful of intruders out of your tablet."If there was an application where you only wanted to distinguish between, say, 10 different people who are potential users of some device, then these results seem really encouraging," Bowyer said.
How it worksEven when someone tries to copy another person's gesture, there are differences in how individuals pinch, swipe and turn, Sae-Bae explained. People have different fingertip distances, tracks along which they pinch and speed of swiping.
In her latest paper, which she presented Sept. 26 at a biometrics conference hosted by the Institute of Electrical and Electronics Engineers, Sae-Bae worked on ensuring her app was lenient enough to allow for the slightly different ways the same individual may perform a gesture, while still locking out imposters who try to copy someone's sign-in gesture. "You need to find a good balance," Memon said. [SEE ALSO: Computer IDs Culprits with Tattoo Recognition]
Sae-Bae tested 22 different gestures, including the five-finger pinch that I tried to copy from her. After gathering data from 34 study volunteers, she found that on average, gestures had about a 4 percent equal error rate, a standard measure of error in biometrics that takes into account false lockouts as well as false sign-ins. Smaller equal error rates are better.
Previously, in a paper Sae-Bae presented at an Association for Computing Machinery conference in May, she described another interesting finding. For that study, she asked volunteers to make 22 gestures on an iPad and rank which one was most fun to make. The more fun ones happened to be the most secure ones, she found. This is the polar opposite of what happens with text passwords, she said.
An uncertain future
There are still many tests ahead for Sae-Bae's app before it shows up in commercial devices. "It's still far from something grandpa and grandma will use," Memon said.
Sae-Bae will need to check if people easily remember the gestures they choose to replace their passcode, Memon said. One of the problems the researchers are trying to solve is the difficulty of remembering secure passwords.