The idea of using a game as a login method is not as strange as it might appear.
If you think about how we use passwords as a login method, it's essentially already a game. The system "knows" a secret (the password) and gives you a chance to "guess" it. If you guess right, you win the game and gain access to the system. If you guess wrong, you get a second try. And if you fail several times in a row, the game ends, locking you out of the system.
Conceptually, a biometrics-based login is the same game.
Why can't passwords and biometrics protect against the HITBAD problem? Because the rules of these games are known to everyone. When you log in with a password and hit the "K" button, for example, anyone looking at your device would be able to tell that you just entered that symbol.
Now, imagine that not only is the password (the purpose of the game) a secret, but so is the input method (the rules of the game). Since both these secrets (the purpose and the rules) are configurable elements of the game, it would be very difficult to steal your credentials just by looking at your screen during the login process.
There are many ways such a game could be constructed. One possible approach involves using SPINT technology, which provides configurable input methods based on the Magic Point and Magic Grid concepts. As you'll see in the videos below, it's not that simple to figure out the game's purpose (the passcode) without knowing the game's rules (the specifics of the input method).
The login game only takes a few seconds to play, and its layout is different each time, as demonstrated in the video below.
Last update: Apr 24, 2018