User-generated free-form gestures for authentication: Security and memorability

Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, Teemu Roos

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

67 Citations (Scopus)


This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.

Original languageEnglish
Title of host publicationMobiSys 2014 - Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services
PublisherAssociation for Computing Machinery (ACM)
Number of pages14
ISBN (Print)9781450327930
Publication statusPublished - 2014
MoE publication typeA4 Article in a conference publication
EventInternational Conference on Mobile Systems, Applications, and Services - Bretton Woods, United States
Duration: 16 Jun 201419 Jun 2014
Conference number: 12


ConferenceInternational Conference on Mobile Systems, Applications, and Services
Abbreviated titleMobiSys
CountryUnited States
CityBretton Woods


  • gestures
  • memorability
  • mutual information
  • security


Dive into the research topics of 'User-generated free-form gestures for authentication: Security and memorability'. Together they form a unique fingerprint.

Cite this