Still locking your screen with passwords and patterns? Try more secure doodles
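To measure the security of each gesture accurately, the researchers introduced the concept of "differential entropy" from information theory. This concept quantifies a gesture's "information content", or in other words its "diversity". Generally, the more complex a gesture is, the more secure it is; some look like plants such as brambles and tumbleweeds, and others look like many-faceted jewels.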
On average the most memorable gestures were shorter and simpler than those best for security. Some of the most memorable ones included simple angular shapes, like triangles, and signatures.
The least-secure gestures consisted of gentle, looping circles.
Another measure of security involved a “shoulder surfing” test. Six student volunteers independently watched videos of another student performing three representative gestures. These “attackers” were then asked to replicate each gesture.
The preliminary results were promising. “None of the attackers came even close to the gesture,” Lindqvist said.
In fact, one attacker did nearly replicate one of the gestures—a backwards “N”—but did not come close enough for a “recognizer” to authenticate.
“Typing in a password seems to be an artifact of the past,” said Nasir Memon, professor of computer science and engineering at New York University, who was not involved in the study. “There is definitely a need to explore the alternatives.”
Still, even with the aid of muscle memory, one must question how confusing a world of security gestures might become.
“If you have three different gestures for three different accounts, how do you deal with that?” Memon asked.
In future studies, Lindqvist said he plans to instruct participants in best practices for generating secure and memorable gestures. He also hopes to expand the shoulder-surfing test. “I think that this is a robust alternative and a better alternative than the current method, and I'm looking forward to working on this more,” Lindqvist said.
If the new tactic’s promise holds, the future of password security may look less like a keyboard and more like finger-skating. For now, though, the billions of people around the world using mobile devices must stick with their PINs and patterns.
“It holds potential,” Memon said. “But we’re still a long way from it being seriously adopted.”