For nearly half a century, the graphical user interface involved selecting interface elements according to their position on a screen. When users wanted to execute something, they would either click (with a mouse), tap (with a finger) or strike (with a stylus) the screen's area where the desired interface element (button or menu item) was located.
This selection-by-screen-position approach worked well for devices with larger screens (desktop and laptop computers), as well as those with medium-size screens (tablets and phablets). But that wasn't the case for devices with much smaller screens (smart watches and glasses), as the approach either didn't work well or didn't work at all.
On the bright side, there is now another method that allows us to ...
Human-computer interaction technology has come a long way since 1963, when Ivan Sutherland developed the first graphical computer-aided design program. Since then, all known interaction solutions and underlying devices have required selecting interface elements according to their position on a screen (i.e. mouse, joystick, touchscreen, stylus, VR gloves, eye-tracking contraptions, and even keyboards with buttons to control a cursor's movement).
The concept looked so natural that creators of Sci-Fi movies were quick to implement it. The "Minority Report" movie, for example, frequently shows Tom Cruise waving his hands around to grab virtual controls hovering in the air.
At SYMPIUS we developed a conceptually different approach ...
The closer we move toward using our mobile devices as universal keys (to our bank accounts, credit cards, house and car locks, let alone personal information), the more the people around us start to pose a serious threat. Malicious observers could easily steal our credentials by glancing at our screens, plus they could gain physical access to our devices themselves. Relying on biometrics isn't a very viable alternative either, since your biometric data is also readily available to the "bad guys" around you.
We call this threat a HITBAD problem, which stands for "Here Is The Body And Device". This is a relatively new security challenge, and it differs from the rest.
How is HITBAD different from other mobile security risks?
The idea of using a game as a login method is not as strange as it might appear.
If you think about how we use passwords as a login method, it's essentially already a game. The system "knows" a secret (password) and gives you a chance to "guess" it. If you guess right, you win the game and gain access to the system. If you guess wrong, you get a second try. And if you fail several times in a row, the game ends, locking you out of the system.
Conceptually, a biometrics-based login is the same game.
Why can't passwords and biometrics protect against the HITBAD problem?