But the technology for mobile devices is a bit different. First introduced by SoftAva as PicturePassword for Treo in 2005, it worked through a two-step process. The user selected a picture from the software's built-in archive (the system couldn't accept a custom photo or picture), then selected a grid overlay and the number and location of taps on the picture with a stylus. If the user tapped the picture the right number of times in...
the right location, they were granted access. If they failed, they would be prompted for their regular password.
PicturePassword was eventually discontinued, but a similar technology was developed in 2007 by researchers at Newcastle University in the UK. In that system, the user chose a picture, but then had to draw a simple design on top of the background image. Since most people aren't artists, simple stick drawings were sufficient. The principle is the same as PicturePassword in that users have to remember their picture and then superimpose something with a stylus on top of the background picture.
The latest such technology is Origami Experience 2.0 from the Origami Project. It was released earlier this year at the Consumer Electronics Show. Origami Experience 2.0 is software for ultra-mobile PCs (UMPCs), which are about the size of a paperback book and run on Windows Vista. Like the PicturePassword software, the user taps on a background picture to gain access. So far, Origami Experience is limited to UMPCs.
The market for picture passwords on mobile devices is still quite limited. Another thing to consider is that, despite the ease of use, it's basically single-factor authentication. A picture password is basically a glorified password, which, with a bit more effort, could be shoulder surfed.
Since the technology isn't widespread yet, it's not on the radar screens of hackers, so it's too early to say how secure it really is.
- Learn more about trends in identity and access management.
- Should users set up password expiries in Active Directory? Read more.
Dig deeper on Password Management and Policy
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
The spectrum of authentication tools is broad, ranging from simple user ID and password systems to biometrics. For Internet access from a company, ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.