For a while now I have noticed the new type of login offered by certain touch screen devices, including some Android and Windows 8 devices. This is the swipe-based login method, where the user swipes a finger across the screen to draw a specific pattern. The pattern may be drawn across a number pad or an image, depending on the device, and is predefined by the user.
I know a few people who use this on their phones and they love it because they feel it is a faster way to log in and supposedly more secure?
I, on the other hand, think it is a really lousy form of password protection. Why? Because from a distance it can be pretty easy to see and memorize the login pattern left behind when the user logs in. Let me explain. Most implementations of this method that I have seen are such that when the user swipes their password combination, the interface leaves a trailing pattern. This pattern is relatively easy to memorize and gives one an idea of what the password combination is. For example, if the pattern is in the form of the letter ‘Z’ and you know the keyboard layout was a number pad, then the combination could likely be ‘1235789’.
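To put a number on how much the trail gives away, here is an added example that is not part of the original post: it enumerates every pattern a 3x3 grid allows under the Android connection rule (assumed here, since the post does not name the device's rules) and then counts how many of those patterns would leave the same visible trail as the ‘Z’ drawn as 1235789.

```python
# Added illustration, not from the post: how much does the visible trail of a
# 3x3 swipe pattern give away?  Number-pad layout 1 2 3 / 4 5 6 / 7 8 9 and the
# Android rule (a stroke may pass over a dot only if already visited) assumed.
POS = {n: divmod(n - 1, 3) for n in range(1, 10)}  # dot -> (row, col)

def midpoint(a, b):
    """Dot lying exactly between a and b on a straight stroke, else None."""
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None
    return 1 + 3 * ((r1 + r2) // 2) + (c1 + c2) // 2

def valid_patterns(min_len=4, max_len=9):
    """Every pattern of min_len..max_len dots the connection rule allows."""
    found = []
    def walk(path):
        if len(path) >= min_len:
            found.append(tuple(path))
        if len(path) == max_len:
            return
        for nxt in range(1, 10):
            mid = midpoint(path[-1], nxt)
            if nxt in path or (mid is not None and mid not in path):
                continue  # revisit, or a jump over an unvisited dot
            walk(path + [nxt])
    for start in range(1, 10):
        walk([start])
    return found

def visible_trail(pattern):
    """Dot-to-dot segments an onlooker sees (a long stroke over a visited
    dot is drawn as two segments, so it looks like two short strokes)."""
    segs = set()
    for a, b in zip(pattern, pattern[1:]):
        mid = midpoint(a, b)
        via = (a, b) if mid is None else (a, mid, b)
        segs.update(frozenset(s) for s in zip(via, via[1:]))
    return frozenset(segs)

def candidates_for_trail(observed, space):
    """Patterns in `space` that leave exactly the same trail as `observed`."""
    trail = visible_trail(observed)  # same trail implies same dot count
    return sorted(p for p in space
                  if len(p) == len(observed) and visible_trail(p) == trail)

def leakage(observed=(1, 2, 3, 5, 7, 8, 9)):
    """(size of whole pattern space, candidates left after seeing the trail)."""
    space = valid_patterns()
    return len(space), candidates_for_trail(observed, space)

if __name__ == "__main__":
    total, left = leakage()  # default trail: the post's 'Z' as 1235789
    print(total, "valid patterns; the Z trail leaves", len(left), left)
```

Of roughly 389,000 valid patterns, only four can leave the Z trail (the two drawing directions, plus two whose first stroke doubles back over the start), so drawing no trail at all is the obvious first mitigation.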
What really struck me about this method was that as I was watching this person unlock their phone on the bus, the image of the pattern immediately stuck in my head. As a result, had someone asked me to guess what the unlock combination was, I am fairly certain that I could have guessed it. It would have been a lot more difficult for me to guess the unlock code had she simply typed out the combination.
I suppose you can always argue that removing the trailing pattern would help alleviate the flaw, and I think that is true. However, I feel that there should be better ways of authenticating a user. I just started using Google’s 2-step authentication, which I am really liking and will blog about soon.