The U.S. Patent and Trademark Office has published a patent application filed by Apple that describes an image based authentication method as an alternative to traditional text passwords.
Text based passwords are flawed in many ways, as the patent details. Onlookers might simply see you entering your password, or guess in just in a few tries based on the fingerprints left on the screen due to constantly typing the 4-digit password (the default option).
The image based method uses information associated with images on the device to correctly identify the user. This information could either be names of people in the image, a caption entered by the user or other similar metadata that the user might know of from before.
When a device is unlocked, the user would be presented with an image and asked to input information related to it, either through the keyboard, voice or even on-screen buttons. Only if the entered info is correct would a user be given access to the device.
For example, the user may type “Jane” on a [keyboard]. Alternatively, step 120 might also include displaying […] a set of names. Then, as part of step 130, the user selects one of the displayed names that the user believes identifies the object.
As part of a single round authentication process, an authenticating process selects an image of the Eiffel Tower and prompts the user to enter a description of the Eiffel Tower that the user provided previously (e.g., using a different computing device), such as “The Big Stick.” While Eiffel Tower is a global icon, not many people have referred to it as “The Big Stick.” Therefore, an unauthorized person that accesses the computing device and sees the Eiffel Tower as part of the authentication process will most likely not know that “The Big Stick” is the answer.
To further strengthen the authentication system, the device could present multiple photos instead of a single one, reducing the chances of an unauthorised break-in.
Visual authentication methods aren’t very new. Microsoft’s Windows 8 lets users verify themselves by tapping at predetermined areas on an image, Android has a 9×9 grid on which users have to draw the correct pattern (AndroidLock XT brings that feature to jailbroken iPhone) and Facebook, in certain cases, authenticates users by asking them to identify images of their friends. These methods still haven’t become as popular and common as text-based passwords, which have been used since years.
Apple has previously explored a heart sensor based authentication method, an Android-like face unlock method and had recently acquired fingerprint authentication company Authentec.
Via: Patently Apple