Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Handwritten Passwords

Analyzing script could ease the strain on people’s memories.

A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints.

Power of recognition: Rather than straining to remember passwords, users could access online accounts by recognizing something they produced themselves. The Dynahand online authentication system lets users log in by recognizing a collection of random digits in their own handwriting (top). University of Glasgow researchers are also working on graphical systems (bottom), which they say could help dyslexic children and other people who have trouble with strings of characters.

Passwords can be secure when used properly, but many people don’t use them well. Creating weak passwords that are easy to hack, using the same passwords for multiple accounts, writing down passwords on slips of paper–these bad habits undermine security. University of Glasgow computer scientist Karen Renaud, who worked on Dynahand, says that people can’t be blamed for this carelessness. “I don’t even know how many passwords I have,” she says. “It’s ridiculous … I think people who design websites are totally unrealistic with the load they put on people.”

Replacing passwords with biometric authentication, which identifies users based on physical characteristics, such as fingerprints or retinal scans, isn’t ideal either because users have to buy additional hardware to take advantage of such schemes. In contrast, Dynahand requires no extra hardware or feats of memory.

To open a Dynahand account, a prospective user submits a variety of handwriting samples. To log in to her account, she must select her own handwriting out of a series of samples presented. Depending on the desired level of security, she may have to do this several times for a single log-in.

The user’s handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer. The researchers use an algorithm to analyze characteristics of all the handwriting samples presented, such as the width of the strokes, to be sure that the samples are distinct and don’t confuse a legitimate user.

Renaud says this type of system appeals especially to older users, who can be very aware of the strain that remembering yet another password will put on their memories. She has found that the system also appeals to dyslexic people, who sometimes use very easy passwords because they have trouble remembering complex passwords. Both populations, she says, are willing to use a slower system in exchange for not having to remember a password.

Larry O’Gorman, a computer scientist at Avaya Labs who researches ways to make security more user-friendly, says that he thinks the Dynahand system is interesting, particularly in the way that it has users recognize digits. But he isn’t convinced that it’s secure, as even a single log-in involves identifying handwriting samples multiple times. “A clever attacker will choose the same style of handwriting for each stage,” O’Gorman says. “I don’t know how easy it is to match handwriting styles from one stage to the next, but I believe it can be done to some degree.”

Renaud doesn’t think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records. Rather, she believes it could be useful for social sites, where a user wants her account to be private but where nothing disastrous would happen if someone broke into it. Using Dynahand in those circumstances could reduce the number of passwords that users must remember, making them more capable of recalling complex passwords when security is crucial.

The Glasgow researchers say that Dynahand’s security could also be enhanced by keeping track of the time it takes a user to respond to each handwriting challenge and by watching out for abnormally long log-in times (which could signal an intruder trying to analyze the samples in search of the correct one) or abnormally short log-in times (which could signal an intruder trying to break in using a brute-force technique that involves a computer rapidly trying every possible response).

The main obstacle to getting Dynahand on the market, Renaud says, is that creating a new account takes too much manual labor behind the scenes. “I put hours and hours into scanning samples in manually,” she says. “That’s okay because I was testing an idea, but a company’s not going to want to do that.” She is now working on ways to automatically collect and analyze handwriting samples.

Couldn't get to Cambridge? We brought EmTech MIT to you!

Watch session videos here
Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.