Beyond Passwords: Touch Interaction for Authentication

Beyond Passwords: Touch Interaction for Authentication

Just as multi-touch technology has allowed users to seamlessly communicate with the devices using natural and fluid interaction, it has also opened up the possibilities of designing new interactive authentication mechanisms that go beyond something-you-know, e.g., text or knowledge-based graphical passwords. As opposed to "something-you-know" approach that uses a shared secret between a user and a system as an authentication credential; a biometric, or something-you-are, authentication is a way to authenticate a user based on his characteristics or traits.


Biometric Passwords


This research is set to explore possibilities of using touch interaction as ways to biometrically authenticate users and inspect their security and usability challenges. Currently, two authentication mechanisms that suit different device form factors are under investigation.  


  1. Biometric-Rich Multi-touch Gesture for Authentication

In this project, we propose using multi-touch gestures as behavioral biometric traits to authenticate users on large touch interface devices. i.e., tablet-sized. One advantage of our gestural password schemes compared to other well-known biometric modalities (fingerprint, iris, etc) is revocability. When a gesture is compromised or no longer effective, it can be replaced by another gesture. Other advantages of gesture based authentication include security against shoulder surfing attacks, and that they do not require customized hardware.

Our studies showed that multi-touch gestures contain biometric information based on hand geometry and finger movement characteristics. That is, the touch trails created by two users even when they perform the same gesture can be very different and they can be used to authenticate a user with promising accuracy. In addition, the usability and security correlation of the system is desirable as gestures that were more secure from a biometric point of view being rated as more usable by users.



  • Sae-Bae, Napa, et al. "Biometric-rich gestures: a novel approach to authentication on multi-touch devices." Proceedings of the 2012 ACM annual conference on human factors in computing systems. ACM, 2012.

  • Sae-Bae, Napa, Nasir Memon, and Katherine Isbister. "Investigating multi-touch gestures as a novel biometric modality." Biometrics: Theory, Applications and Systems (BTAS), 2012 IEEE Fifth International Conference on. IEEE, 2012.

  • Isbister, Katherine, Nasir Memon, and Napa Sae-bae. "BIOMETRIC-RICH GESTURES FOR AUTHENTICATION ON MULTI-TOUCH DEVICES." U.S. Patent No. 20,130,219,490. 22 Aug. 2013.


Project team

  • Napa Sae-Bae,         PhD student, CSE, NYU-Poly

  • Kowsar Ahmed,         Graduate student, CSE, NYU-Poly

  • Katherine Isbister,         Professor, CSE, NYU-Poly

  • Nasir Memon,         Professor, CSE, NYU-Poly

  1. Finger-drawn Signature Verification on Mobile devices


An handwritten signature is one plausible candidate for user authentication on smaller touch-sensitive devices, i.e., mobile phones, given the familiarity users have with the concept of using a signature for the purpose of authentication. In this project, we study online signature verification on such mobile devices. Particularly, we develop an effective signature verification algorithm and evaluate its practical performance in different aspects using a new dataset that is collected in mobile device setting.



  • Sae-Bae, Napa, and Nasir Memon. "A simple and effective method for online signature verification." Biometrics Special Interest Group (BIOSIG), 2013 International Conference of the. IEEE, 2013.


Project team

  • Napa Sae-Bae,        PhD student, CSE, NYU-Poly

  • kaustubh koparkar,        Graduate student, CSE, NYU-Poly

  • Nasir Memon,         Professor, CSE, NYU-Poly