Posted on October 15, 2012


For a little while I have been engaged in conversations with projects here at work regarding how to authenticate a user on a PC and smartphone.

The idea is to think beyond the simple PIN/password, and more importantly to make it easier for people to remember.

Seems to me there are 3 groups (plus the no-hopers!) to consider: those who like numbers/letters, visual folks and musical types.

For the visual folks the use of images is popular, and gaining ground in some areas (as a captcha replacement), and I like the idea of selecting your picture (from a selection of, say, 12) and then dragging it to the compass point you previously selected; let’s call it select and drag. Swiping a pattern is good, however it is relatively easy for an observer to see what you did, ’specially if the line is drawn, like it can be on Android devices.

For the musical types I like the idea of being able to tap a beat out on your phone, literally “drum” it with your finger, and this is unique to you. You need an accelerometer, however most smartphones have one of those.

Of course word/PIN options are still OK for those that have a natural affinity with them. I wonder why you don’t get a traditional safe dial to turn? Perhaps it’s too fiddly, like the PS note down below.

I guess I could also see using the NFC reader to read a credit card or security pass for proof of possession, as this should get close to the level of authentication provided by an RSA tag or similar (putting in the current on-screen number means you have the device to hand). And if you’re an org that does not want to rely on a credit card or similar then just send the punter an NFC tag (they’re pennies each) with a predefined code; they can then stick this somewhere convenient (and where the sun does shine!).

But does anyone have any better ideas that could work?

PS: My employer requires that to open up my work iPhone, I have to enter an 8 character password that has at least 1 number. This is a real pain, I mean a proper cause for concern. Yes, I get that it is very secure, however it is also so difficult I have to be still to enter it accurately (because the iPhone only presents you with the portrait, small, keyboard regardless of device orientation) and you have to switch keyboards to get to the numbers.

It’s dangerous, because it is very distracting, and is often required when out and about, crossing roads and similar potentially hazardous situations, e.g. driving and needing to make a call … even with hands free.

Not to mention the amount of time wasted entering (and re-entering) the stupid password; over the course of a year this really adds up.

Then when I see others around doing this, it seems they resort to 7 times the same char, e.g. w, followed by a single number, so this complex scheme is backfiring.

