That locking mechanism on your tablet computer or smartphone? It’s mostly a relic from the days of the keyboard. With the advent of touchscreens, the three-by-three grids and four-digit passcodes popular on today’s mobile devices are anachronistic. Yet they persist, despite “shoulder surfers” and the telltale oilsleft by swiping fingers.眼下平板电脑或智能手机上的锁屏程序堪称键盘时代的遗物。随着触摸屏的经常出现，如今移动设备上常用的“九宫格”式和四位密码都过时了。

然而，它们依然在普遍用于，尽管杨家有人车站在别人身后偷拍，而用户手指擦过屏幕时留给的油迹也不会泄漏密码。A new study from Rutgers University suggests that squiggling—yes, squiggling—on the screen of your tablet or smartphone may provide a better authentication mechanism than the standard pattern locks favored by Google’s GOOG 1.54% Android operating system and the Personal Identification Numbers (PINs) preferred by Apple’s AAPL -0.09% iOS.美国罗格斯大学（Rutgers University）一项新的研究指出，在平板电脑或智能手机上信手涂鸦有可能是比谷歌（Google）安卓（ Android）操作系统所使用的标准模式锁住屏以及苹果（Apple）所注目的个人辨识号码（Personal Identification Numbers, PINs）更佳的身份验证机制。“The current locking and authentication mechanisms available for mobile systems commercially do not work so well,” said Janne Lindqvist, an assistant professor of electrical and computer engineering at Rutgers University and an author of the study. “Instead of having old methods or cued methods, we let people just generate gestures without any kind of visual cue or other kind of instructions.”研究报告的执笔人之一、罗格斯大学电气和计算机工程助理教授珍妮o林奎斯特称之为：“目前移动系统使用的商业化的瞄准和身份验证机制不好用。我们弃用给用户提醒的老方法，转而让用户在屏幕上信手涂鸦，不不存在任何视觉提醒或其他类型的命令。

”The studies’ researchers, which included collaborators from the Max-Planck Institute for Informatics and the University of Helsinki, asked 63 participants to scrawl “continuous free-form multitouch gestures,” essentially finger-painting on the blank touchscreen canvas of a Google Nexus 10 tablet. No grid, no template: the subjects improvised a pass-doodle, rather than a password.这项研究的研究人员还包括来自马普信息学研究所（the Max-Planck Institute for Informatics）以及赫尔辛基大学（the University of Helsinki）的合作者。他们请求63位被试者以“倒数点状多点触触手势”信手涂鸦，本质上是以谷歌Nexus 10平板电脑的空白触摸屏为画布，以手指为笔作画。没“九宫格”，也没模板，被试者即兴创作的是“密画”，而非密码。The researchers then asked users to recall and redraw their scribbles after a short break and a bit of distracting mental math (counting down from 20 to 0 and rotating a shape in their minds). Next, the researchers retested the users’ memory after a minimum of 10 days. (Six subjects didn’t return for the second test.)随后，研究人员拒绝被试者在一段时间睡觉和令人迟疑的心算（从20倒数到0，同时想象一个图形在自己脑海中旋转）后，回忆起并反复自己刚所画的手势。

然后，在最少10天之后，研究人员再度测试了被试者的记忆（有6名被试者并未回去参与第二次测试。）The trick—as with any good password—was to concoct a gesture complex enough to dupe spies yet simple enough to remember.如同所有好的密码一样，手势的关键在于简单到能看穿偷窥的人，但却非常简单好记。“You never need to be perfect,” Lindqvist said on reproducing a gesture swipe-for-swipe. “You can make a bit of errors, but not too much. It depends a lot on the security policy you want to implement.”关于手势的正确性，林奎斯特说明道：“你不用做极致。

你可以出有一点拢，只要不过于多。这相当大程度上各不相同你想采行的安全策略。

”For instance, authentication for a mobile device might accept a higher error rate than one protecting a bank vault.例如，手机身份验证程序可拒绝接受的密码错误率有可能低于银行保险柜的安保系统。To verify matches, the team used a “recognizer” algorithm, which compared each gesture to a set of stored templates. The algorithm then calculated an average score for each attempt at unlocking. Gestures whose scores rose above a certain threshold value were authorized entry.为了检验手势否给定，研究团队使用了“模式识别”算法，将每个手势与一套储存的模板展开核对，同时计算出来出有每次关卡操作者的平均分。分数低于特定阈值的关卡操作者就能准许转入。

“You never can, in any case—with any kind of meaningfully complex gesture—repeat it exactly the same way,” Lindqvist said, noting that it takes at least three repetitions, or templates, for a gesture to become stable. (For improved accuracy, the study used 10 templates per participant.)林奎斯特说道：“无论如何，对于简单的手势，大家意味著不有可能做百分之百精确再现。”林奎斯特认为，最少必须三次反复或模板才能使手势平稳。

（为了提升准确度，在研究中对每位被试者使用了10个模板。）The researchers also used a flexible algorithm. Participants were able to draw anywhere on the device’s screen at whatever size and angle they wished, as long as the shape of the gesture was correct. Such flexibility may allow single gestures to adapt across platforms: for instance, on the larger screen of a tablet versus the smaller screen of a smartphone.研究者还用于了一种适应性很强的算法。被试者们需要在移动设备屏幕的任何地方、以给定角度所画出有图案，大小也可随心所欲，只要手势的形状准确才可。

这样灵活性的算法可以让同一手势跨平台用于，例如大屏幕的平板和屏幕比较较小的智能手机能用于完全相同的手势密码。To measure each gesture’s level of security, the researchers imported a concept from Information Theory called “differential entropy.” This metric quantified the “information content,” or “surprisingness,” of a gesture. Generally, the most secure gestures were the most complex. Some of these looked like brambles, tumbleweeds or multi-faceted jewels.为了精确取决于每种手势的安全性，研究人员引进了信息论中的“微分熵”概念。这个概念能量化手势的“信息内容”或者说“多样性”。

一般来说，就越简单的手势就越安全性，它们有些看著像荆棘、风滚草等植物，还有些看上去看起来有很多面的珠宝。On average the most memorable gestures were shorter and simpler than those best for security. Some of the most memorable ones included simple angular shapes, like triangles, and signatures.一般来说，与最安全性的手势比起，那些最更容易忘记的手势一般较为简练，其中还包括非常简单的图案造型，例如三角形和亲笔签名等。The least-secure gestures consisted of gentle, looping circles.而最不安全性的手势则要数单调循环的圆圈。

Another measure of security involved a “shoulder surfing” test. Six student volunteers independently watched videos of another student performing three representative gestures. These “attackers” were then asked to replicate each gesture.另一种取决于安全性的方法是所谓的“背后偷拍”测试。方法是让六名学生志愿者独自一人观赏一位学生展示三种典型手势的视频，然后凭记忆反复这些手势。The preliminary results were promising. “None of the attackers came even close to the gesture,” Lindqvist said.可行性测试的效果令人振奋。

林奎斯特称之为：“偷窥者们甚至都无法所画出有相似的手势。”In fact, one attacker did nearly replicate one of the gestures—a backwards “N”—but did not come close enough for a “recognizer” to authenticate.事实上，还是有一人完全所画出有了其中一种手势——一个倒写的字母“N”，但相近度没超过系统“辨识”通过的程度。“Typing in a password seems to be an artifact of the past,” said Nasir Memon, professor of computer science and engineering at New York University, who was not involved in the study. “There is definitely a need to explore the alternatives.”纽约大学（New York University）计算机科学与工程专业教授纳西尔o梅蒙说道：“输出密码早已过时了，我们急需考古替代方案。

”梅蒙并没参予上面提及的研究。Still, even with the aid of muscle memory, one must question how confusing a world of security gestures might become.不过，即便有肌肉记忆辅助，我们也可能会被一大堆手势密码弄得不知所措。“If you have three different gestures for three different accounts, how do you deal with that?” Memon asked.梅蒙质问：“如果你的三个账号有三个有所不同的手势密码，你怎么区分？”In future studies, Lindqvist said he plans to instruct participants in best practices for generating secure and memorable gestures. He also hopes to expand the shoulder-surfing test. “I think that this robust alternative and a better alternative than the current method, and looking forward to working on this more,” Lindqvist said.林奎斯特回应，在未来的研究中，他计划指导被试者，协助他们掌控最佳的作法，取得安全性又好录的手势。

此外，他还期望拓展背后偷窥测试。他说道：“我指出手势密码十分安全性，比现有方案要好。我期望在这个领域之后深入研究。”If the new tactic’s promise holds, the future of password security may look less like a keyboard and more like finger-skating. For now, though, the billions of people around the world using mobile devices must stick with their PINs and patterns.如果这种新方法靠谱，未来密码安全性有可能仍然靠键盘，而是靠信手涂鸦。

不过，目前全球几十亿移动设备用户不能用谷歌安卓系统的标准模式锁住屏和苹果的个人辨识号码。“It holds potential,” Memon said. “But we’re still a long way from it being seriously adopted.”梅蒙说道：“手势密码显然有潜力。但它要获得普遍的使用还有很长的路要回头。

本文来源：泛亚电竞官方网站-www.nilabindu.com