What 'picture password' technologies are available for mobile devices?

What 'picture password' technologies are available for mobile devices?

What kinds of new "picture password" technologies are available for mobile devices, and as an authentication method is it any more convenient (and secure)?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The idea of a picture as a password isn't new. The technology works by replacing passwords with pictures stored on a system. The principle is that pictures are easier to recall than passwords and harder to lose, since the picture the user selects when registering is stored on the system and displayed on login.

But the technology for mobile devices is a bit different. First introduced by SoftAva as PicturePassword for Treo in 2005, it worked through a two-step process. The user selected a picture from the software's built-in archive (the system couldn't accept a custom photo or picture), then selected a grid overlay and the number and location of taps on the picture with a stylus. If the user tapped the picture the right number of times in the right location, they were granted access. If they failed, they would be prompted for their regular password.

PicturePassword was eventually discontinued, but a similar technology was developed in 2007 by researchers at Newcastle University in the UK. In that system, the user chose a picture, but then had to draw a simple design on top of the background image. Since most people aren't artists, simple stick drawings were sufficient. The principle is the same as PicturePassword in that users have to remember their picture and then superimpose something with a stylus on top of the background picture.

The latest such technology is Origami Experience 2.0 from the Origami Project. It was released earlier this year at the Consumer Electronics Show. Origami Experience 2.0 is software for ultra-mobile PCs (UMPCs), which are about the size of a paperback book and run on Windows Vista. Like the PicturePassword software, the user taps on a background picture to gain access. So far, Origami Experience is limited to UMPCs.

The market for picture passwords on mobile devices is still quite limited. Another thing to consider is that, despite the ease of use, it's basically single-factor authentication. A picture password is basically a glorified password, which, with a bit more effort, could be shoulder surfed.

Since the technology isn't widespread yet, it's not on the radar screens of hackers, so it's too early to say how secure it really is.

More information:

This was first published in July 2008

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top