Recognizing your own handwriting rather than remembering a password could be used for online identification, new research shows.
Your handwriting could be the best form of online security, say the developers of a new system that may one day replace difficult-to-remember passwords and PIN codes. With the new authentication program Dynahand, users just need to be able to recognize their own writing.
"I know it's my handwriting, but I don’t know how I know. I can't explain to somebody else how I do it," says Dr. Karen Renaud, a computer scientist and lecturer at the UK's University of Glasgow. She argues that's what makes the system more secure than coming up with a standard password, which is repeated over and over at different sites, can be shared with a friend, or stolen by an adversary.
The system works using handwritten numbers instead of letters because although others may be able to recognize your penned words, they're not so good at distinguishing your handwritten numerals.
In the laboratory test, Reynaud asked 11 people to write the numbers 0 to 9 several times. She asked other volunteers to provide samples of their numerals, too, but these were eventually used to distract the study participants. She then scanned the numbers into a computer and used a software program, or algorithm, written by colleague Elin Olsen, to analyze the characteristics of the handwriting, such as height and width of strokes. The algorithm also kept track of which numerals belonged to which person and whose handwriting was more similar or distinct.
At authentication, the program showed the participant a series of five-number handwritten PINs, each one randomly generated from the handwritten numerals. The number was not important and the user did not have to remember it. Instead the participant clicked on the PIN written in his or her handwriting. If they got it right, the program showed them another set of PINs. They then clicked again on the correct image.
The program shows the user four sets of PINs, which takes about 28 seconds to complete, but ensures a higher level of security than just showing one set. And as with other PIN-password system, three wrong attempts and you're locked out.
In the test, 10 of the 11 people recognized their own handwriting consistently. Although most of the people got it right, 11 participants is a low number to demonstrate the effectiveness of the technology, says Steve Furnell, professor of information systems security at the UK's University of Plymouth. "But the idea itself is very interesting," he says.
In addition, although Reynaud does not believe that this password method is robust enough to be used for sites with high-level security, such as online banking or e-commerce, it could work as a second layer on such sites, e.g., when you are changing an address or credit card information.