As users draw a shape or pattern on the screen, we track their fingers, recording where they move and how quickly (or slowly). We compare that track to one recorded when they set up the gesture-based login. This protection can be added just by software changes; it needs no specific hardware or other modifications to existing touchscreen devices. As touchscreens become more common on laptop computers, this method could be used to protect them too.
Our system also allows people to use more than one finger—though some participants wrongly assumed that making simple gestures with multiple fingers would be more secure than the same gesture with just one finger. The key to improving security using one or more fingers is to make a design that is not easy to guess.