Ask the Expert

What 'picture password' technologies are available for mobile devices?

What kinds of new "picture password" technologies are available for mobile devices, and as an authentication method is it any more convenient (and secure)?

    Requires Free Membership to View

The idea of a picture as a password isn't new. The technology works by replacing passwords with pictures stored on a system. The principle is that pictures are easier to recall than passwords and harder to lose, since the picture the user selects when registering is stored on the system and displayed on login.

But the technology for mobile devices is a bit different. First introduced by SoftAva as PicturePassword for Treo in 2005, it worked through a two-step process. The user selected a picture from the software's built-in archive (the system couldn't accept a custom photo or picture), then selected a grid overlay and the number and location of taps on the picture with a stylus. If the user tapped the picture the right number of times in the right location, they were granted access. If they failed, they would be prompted for their regular password.

PicturePassword was eventually discontinued, but a similar technology was developed in 2007 by researchers at Newcastle University in the UK. In that system, the user chose a picture, but then had to draw a simple design on top of the background image. Since most people aren't artists, simple stick drawings were sufficient. The principle is the same as PicturePassword in that users have to remember their picture and then superimpose something with a stylus on top of the background picture.

The latest such technology is Origami Experience 2.0 from the Origami Project. It was released earlier this year at the Consumer Electronics Show. Origami Experience 2.0 is software for ultra-mobile PCs (UMPCs), which are about the size of a paperback book and run on Windows Vista. Like the PicturePassword software, the user taps on a background picture to gain access. So far, Origami Experience is limited to UMPCs.

The market for picture passwords on mobile devices is still quite limited. Another thing to consider is that, despite the ease of use, it's basically single-factor authentication. A picture password is basically a glorified password, which, with a bit more effort, could be shoulder surfed.

Since the technology isn't widespread yet, it's not on the radar screens of hackers, so it's too early to say how secure it really is.

More information:

This was first published in July 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: