Problem solve Get help with specific problems with your technologies, process and projects.

What 'picture password' technologies are available for mobile devices?

Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel Dubin explains how picture passwords work and how they can be most effective.

What kinds of new "picture password" technologies are available for mobile devices, and as an authentication method is it any more convenient (and secure)?
The idea of a picture as a password isn't new. The technology works by replacing passwords with pictures stored on a system. The principle is that pictures are easier to recall than passwords and harder to lose, since the picture the user selects when registering is stored on the system and displayed on login.

But the technology for mobile devices is a bit different. First introduced by SoftAva as PicturePassword for Treo in 2005, it worked through a two-step process. The user selected a picture from the software's built-in archive (the system couldn't accept a custom photo or picture), then selected a grid overlay and the number and location of taps on the picture with a stylus. If the user tapped the picture the right number of times in the right location, they were granted access. If they failed, they would be prompted for their regular password.

PicturePassword was eventually discontinued, but a similar technology was developed in 2007 by researchers at Newcastle University in the UK. In that system, the user chose a picture, but then had to draw a simple design on top of the background image. Since most people aren't artists, simple stick drawings were sufficient. The principle is the same as PicturePassword in that users have to remember their picture and then superimpose something with a stylus on top of the background picture.

The latest such technology is Origami Experience 2.0 from the Origami Project. It was released earlier this year at the Consumer Electronics Show. Origami Experience 2.0 is software for ultra-mobile PCs (UMPCs), which are about the size of a paperback book and run on Windows Vista. Like the PicturePassword software, the user taps on a background picture to gain access. So far, Origami Experience is limited to UMPCs.

The market for picture passwords on mobile devices is still quite limited. Another thing to consider is that, despite the ease of use, it's basically single-factor authentication. A picture password is basically a glorified password, which, with a bit more effort, could be shoulder surfed.

Since the technology isn't widespread yet, it's not on the radar screens of hackers, so it's too early to say how secure it really is.

More information:

This was last published in July 2008

Dig Deeper on Password management and policy

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.