A digital world without passwords
Motivated by recent studies indicating that many users find PIN and password authentication techniques inconvenient to the point of disabling them altogether, City researchers are reimagining a world without passwords by carrying out research into continuous authentication schemes on mobile devices.
A recent spate of unlocked mobile and tablet thefts by moped-riding mobs proves that even devices protected with PINs or Apple’s FaceID are not secure.
BT-sponsored PhD candidate, Max Smith-Creasey, and his supervisor, Professor Muttukrishnan Rajarajan, have been conducting research which investigates mechanisms to continuously collect and authenticate biometrics from mobile device sensors.
Industry awareness and interest
Their research has only recently emerged due to the ever-evolving capabilities of smartphones and machine-learning algorithms. This research has quickly attracted industry interest and is funded by BT - the inspiration for several of that company's patents.
The novel schemes under development are designed to recognise impostors as soon as they start to use the mobile devices in such a way that they can be quickly locked out and the data kept secure. The research has been published in leading academic conferences and journals.
The contributions by the researchers have included novel touchscreen-features for gesture-typing on mobile keyboards to authenticate users as they type achieving accuracy levels of up to 99.8%.
Furthermore, they have created a continuous authentication scheme with contextual awareness for better accuracy and a mechanism to track the authenticated face to ensure the genuine user is always present. Their approach combines facial and touchscreen-features in a multi-modal approach using ensemble learning techniques to further enhance accuracy.
The threshold that the biometrics scores must surpass to gain access has been made adaptive based on the current context such that it is more forgiving in known environments and stricter in unknown environments to enhance usability and security
This research provides a feasible alternative to passwords, PINs and other one-time authentication techniques on mobile devices and paves the way for a more secure and more usable form of authentication.