Touch me once and I know it's you! Implicit Authentication based on Touch Screen Patterns

Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, Heinrich Hussmann
CHI 2012, Austin, Texas 2012
tl;dr: An implicit authentication method that strengthens Android-style password patterns by also verifying how users draw them. Beyond the shape itself, the system analyzes input dynamics to add a transparent security layer without reducing convenience.

Password patterns, as used on current Android phones, and other shape-based authentication schemes are highly usable and memorable. In terms of security, they are rather weak since the shapes are easy to steal and reproduce. In this work, we introduce an implicit authentication approach that enhances password patterns with an additional security layer, transparent to the user. In short, users are not only authenticated by the shape they input but also by the way they perform the input. We conducted two consecutive studies, a lab and a long-term study, using Android applications to collect and log data from user input on a touch screen of standard commercial smartphones. Analyses using dynamic time warping (DTW) provided first proof that it is actually possible to distinguish different users and use this information to increase security of the input while keeping the convenience for the user high.
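To make the DTW-based second layer concrete, here is an added sketch that is not the authors' code or data: it compares a login attempt with a user's enrolled traces of the same pattern and accepts only if the input dynamics are close enough. The per-event features (x, y, pressure, scaled speed), the mean-distance score, the threshold and the `draw_l` trace generator are all assumptions made for this illustration.

```python
import math

def dtw(a, b):
    """Length-normalised dynamic time warping distance between two touch traces."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)          # row 0 of the cost matrix
    for p in a:
        cur = [inf]
        for j, q in enumerate(b, 1):
            # local cost plus the cheapest of: skip in a, skip in b, advance both
            cur.append(math.dist(p, q) + min(prev[j], cur[j - 1], prev[j - 1]))
        prev = cur
    return prev[-1] / (len(a) + len(b))

def draw_l(samples, pressure, offset=0.0):
    """Constructed sample: an L-shaped pattern (down, then right), fixed sampling rate.
    samples = touch events per stroke, so more events means a slower finger."""
    corners = [(0.0, 0.0), (0.0, 1.0), (1.0, 1.0)]
    trace = []
    for (x0, y0), (x1, y1), n in zip(corners, corners[1:], samples):
        for i in range(n):
            t = i / n
            # Assumed features per touch event: x, y, pressure, scaled speed
            trace.append((x0 + (x1 - x0) * t + offset, y0 + (y1 - y0) * t,
                          pressure, 10.0 / n))
    return trace

# Enrollment: the owner's own repetitions (constructed: slow first stroke, firm touch)
REFERENCES = [draw_l((40, 20), 0.60), draw_l((38, 21), 0.62, 0.01),
              draw_l((42, 19), 0.58, -0.01)]
THRESHOLD = 0.15  # assumed value, chosen for this constructed data only

def score(trace):
    """Mean DTW distance from the attempt to every enrolled reference."""
    return sum(dtw(trace, ref) for ref in REFERENCES) / len(REFERENCES)

def accept(trace):
    """Second layer: meant to run only after the drawn shape itself has matched."""
    return score(trace) <= THRESHOLD

owner_attempt = draw_l((41, 20), 0.61, 0.005)
imitator_attempt = draw_l((20, 40), 0.20)  # same shape, different rhythm and pressure

if __name__ == "__main__":
    for name, tr in (("owner", owner_attempt), ("imitator", imitator_attempt)):
        print(f"{name}: score={score(tr):.3f} accept={accept(tr)}")
```

Both attempts draw the correct shape, so a shape-only check would accept both; only the dynamics score separates them. DTW absorbs the owner's small speed variations between repetitions, which is why the attempt with 41 and 20 events still matches references recorded with different event counts.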