Still locking your screen with passcodes and patterns? Try a more secure doodle
That locking mechanism on your tablet computer or smartphone? It’s mostly a relic from the days of the keyboard. With the advent of touchscreens, the three-by-three grids and four-digit passcodes popular on today’s mobile devices are anachronistic. Yet they persist, despite “shoulder surfers” and the telltale oils left by swiping fingers.
A new study from Rutgers University suggests that squiggling—yes, squiggling—on the screen of your tablet or smartphone may provide a better authentication mechanism than the standard pattern locks favored by Google’s Android operating system and the Personal Identification Numbers (PINs) preferred by Apple’s iOS.
“The current locking and authentication mechanisms available for mobile systems commercially do not work so well,” said Janne Lindqvist, an assistant professor of electrical and computer engineering at Rutgers University and an author of the study. “Instead of having old methods or cued methods, we let people just generate gestures without any kind of visual cue or other kind of instructions.”
The study’s researchers, who included collaborators from the Max-Planck Institute for Informatics and the University of Helsinki, asked 63 participants to scrawl “continuous free-form multitouch gestures,” essentially finger-painting on the blank touchscreen canvas of a Google Nexus 10 tablet. No grid, no template: the subjects improvised a pass-doodle, rather than a password.
The researchers then asked users to recall and redraw their scribbles after a short break and a bit of distracting mental math (counting down from 20 to 0 and rotating a shape in their minds). Next, the researchers retested the users’ memory after a minimum of 10 days. (Six subjects didn’t return for the second test.)
The trick—as with any good password—was to concoct a gesture complex enough to dupe spies yet simple enough to remember.
“You never need to be perfect,” Lindqvist said on reproducing a gesture swipe-for-swipe. “You can make a bit of errors, but not too much. It depends a lot on the security policy you want to implement.”
For instance, authentication for a mobile device might accept a higher error rate than one protecting a bank vault.
To verify matches, the team used a “recognizer” algorithm, which compared each gesture to a set of stored templates. The algorithm then calculated an average score for each attempt at unlocking. Gestures whose scores rose above a certain threshold value were authorized entry.
“You never can, in any case—with any kind of meaningfully complex gesture—repeat it exactly the same way,” Lindqvist said, noting that it takes at least three repetitions, or templates, for a gesture to become stable. (For improved accuracy, the study used 10 templates per participant.)
The researchers also used a flexible algorithm. Participants were able to draw anywhere on the device’s screen at whatever size and angle they wished, as long as the shape of the gesture was correct. Such flexibility may allow single gestures to adapt across platforms: for instance, on the larger screen of a tablet versus the smaller screen of a smartphone.
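The matching scheme described above (stored templates, an averaged score, a policy threshold, and tolerance to where, how large and at what angle the gesture is drawn) can be illustrated with the following added example; it is not the study's recognizer or code from the article. It assumes a single-finger stroke given as complex x+yj points, uses a Procrustes-style shape similarity as a stand-in for the unnamed algorithm, and the 0.90 threshold and spiral data are constructed.

```python
import cmath
import math

def resample(pts, n=32):
    """Resample a stroke (complex x+yj points) to n points evenly spaced along its length."""
    if len(pts) < 2: raise ValueError("need at least two touch points")
    d = [0.0]                                   # cumulative arc length at each input point
    for p, q in zip(pts, pts[1:]):
        d.append(d[-1] + abs(q - p))
    out, j = [], 0
    for i in range(n):
        t = d[-1] * i / (n - 1)
        while j < len(pts) - 2 and d[j + 1] < t:
            j += 1
        seg = d[j + 1] - d[j]
        out.append(pts[j] + ((t - d[j]) / seg if seg else 0.0) * (pts[j + 1] - pts[j]))
    return out

def normalize(pts):
    """Remove position (centroid) and size (norm); shape and orientation remain."""
    c = sum(pts) / len(pts)
    z = [p - c for p in pts]
    norm = math.sqrt(sum(abs(p) ** 2 for p in z))
    if norm == 0: raise ValueError("degenerate gesture: all points coincide")
    return [p / norm for p in z]

def similarity(a, b):
    """1.0 for the same shape at any rotation: the modulus discards the rotation angle."""
    return abs(sum(x * y.conjugate() for x, y in zip(a, b)))

def score(attempt, templates):
    """Average similarity of one unlock attempt against every stored template."""
    a = normalize(resample(attempt))
    return sum(similarity(a, normalize(resample(t))) for t in templates) / len(templates)

def authenticate(attempt, templates, threshold):
    return score(attempt, templates) >= threshold

# Constructed sample data: a two-turn spiral; the wobble stands in for hand jitter.
def spiral(phase, wobble=0.03, samples=120):
    ts = [4 * math.pi * k / (samples - 1) for k in range(samples)]
    return [t * (1 + wobble * math.sin(5 * t + phase)) * cmath.exp(1j * t) for t in ts]

TEMPLATES = [spiral(phase) for phase in (0.0, 1.0, 2.0)]    # three enrolment repetitions
# GENUINE: the same gesture at half size, rotated 40 degrees, elsewhere on the screen.
GENUINE = [0.5 * cmath.exp(1j * math.radians(40)) * p + (300 + 120j) for p in spiral(3.0)]
MIRRORED = [p.conjugate() for p in spiral(3.0)]             # mirror image: a different shape
if __name__ == "__main__":
    for name, g in (("genuine", GENUINE), ("mirrored", MIRRORED)):
        print(name, round(score(g, TEMPLATES), 3), authenticate(g, TEMPLATES, 0.90))
```

Raising the threshold trades more rejected genuine attempts for fewer accepted look-alikes, which is the security-policy choice Lindqvist describes.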