Abstract

This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form ges-tures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger ges-tures, and the other half generated multi-finger gestures. Al-though there has been recent work on template-based ges-tures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form ges-tures. Hence, we modify a recently proposed metric for an-alyzing information capacity of continuous full-body move-ments for this purpose. Our metric computed estimated mu-tual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We conclude the paper with strategies for generating secure and memorable free-form gestures, which present a robust method for mo-bile authentication. 1.