Skip to Content

Handwritten Passwords

Analyzing script could ease the strain on people’s memories.
June 28, 2007

A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints.

Power of recognition: Rather than straining to remember passwords, users could access online accounts by recognizing something they produced themselves. The Dynahand online authentication system lets users log in by recognizing a collection of random digits in their own handwriting (top). University of Glasgow researchers are also working on graphical systems (bottom), which they say could help dyslexic children and other people who have trouble with strings of characters.

Passwords can be secure when used properly, but many people don’t use them well. Creating weak passwords that are easy to hack, using the same passwords for multiple accounts, writing down passwords on slips of paper–these bad habits undermine security. University of Glasgow computer scientist Karen Renaud, who worked on Dynahand, says that people can’t be blamed for this carelessness. “I don’t even know how many passwords I have,” she says. “It’s ridiculous … I think people who design websites are totally unrealistic with the load they put on people.”

Replacing passwords with biometric authentication, which identifies users based on physical characteristics, such as fingerprints or retinal scans, isn’t ideal either because users have to buy additional hardware to take advantage of such schemes. In contrast, Dynahand requires no extra hardware or feats of memory.

To open a Dynahand account, a prospective user submits a variety of handwriting samples. To log in to her account, she must select her own handwriting out of a series of samples presented. Depending on the desired level of security, she may have to do this several times for a single log-in.

The user’s handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer. The researchers use an algorithm to analyze characteristics of all the handwriting samples presented, such as the width of the strokes, to be sure that the samples are distinct and don’t confuse a legitimate user.

Renaud says this type of system appeals especially to older users, who can be very aware of the strain that remembering yet another password will put on their memories. She has found that the system also appeals to dyslexic people, who sometimes use very easy passwords because they have trouble remembering complex passwords. Both populations, she says, are willing to use a slower system in exchange for not having to remember a password.

Larry O’Gorman, a computer scientist at Avaya Labs who researches ways to make security more user-friendly, says that he thinks the Dynahand system is interesting, particularly in the way that it has users recognize digits. But he isn’t convinced that it’s secure, as even a single log-in involves identifying handwriting samples multiple times. “A clever attacker will choose the same style of handwriting for each stage,” O’Gorman says. “I don’t know how easy it is to match handwriting styles from one stage to the next, but I believe it can be done to some degree.”

Renaud doesn’t think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records. Rather, she believes it could be useful for social sites, where a user wants her account to be private but where nothing disastrous would happen if someone broke into it. Using Dynahand in those circumstances could reduce the number of passwords that users must remember, making them more capable of recalling complex passwords when security is crucial.

The Glasgow researchers say that Dynahand’s security could also be enhanced by keeping track of the time it takes a user to respond to each handwriting challenge and by watching out for abnormally long log-in times (which could signal an intruder trying to analyze the samples in search of the correct one) or abnormally short log-in times (which could signal an intruder trying to break in using a brute-force technique that involves a computer rapidly trying every possible response).

The main obstacle to getting Dynahand on the market, Renaud says, is that creating a new account takes too much manual labor behind the scenes. “I put hours and hours into scanning samples in manually,” she says. “That’s okay because I was testing an idea, but a company’s not going to want to do that.” She is now working on ways to automatically collect and analyze handwriting samples.

Keep Reading

Most Popular

10 Breakthrough Technologies 2024

Every year, we look for promising technologies poised to have a real impact on the world. Here are the advances that we think matter most right now.

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

AI for everything: 10 Breakthrough Technologies 2024

Generative AI tools like ChatGPT reached mass adoption in record time, and reset the course of an entire industry.

What’s next for AI in 2024

Our writers look at the four hot trends to watch out for this year

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.