DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices

Toan Van Nguyen, Napa Sae-Bae, Nasir Memon

Research output: Contribution to journalArticlepeer-review


This paper presents DRAW-A-PIN, a user authentication system on a device with a touch interface that supports the use of PINs. In the proposed system, the user is asked to draw her PIN on the touch screen instead of typing it on a keypad. Consequently, DRAW-A-PIN could offer better security by utilizing drawing traits or behavioral biometrics as an additional authentication factor beyond just the secrecy of the PIN. In addition, DRAW-A-PIN inherently provides acceptability and usability by leveraging user familiarity with PINs. To evaluate the security and usability of the approach, DRAW-A-PIN was implemented on Android phones and 3203 legitimate finger-drawn PINs and 4655 forgery samples were collected through an extensive and unsupervised field experiment over 10 consecutive days. Experimental results show that DRAW-A-PIN achieves an equal error rate of 4.84% in a scenario where the attacker already knows the PIN by shoulder surfing. Finally, results from a user study based on the System Usability Scale questionnaire confirm that DRAW-A-PIN is highly usable.

Original languageEnglish (US)
Pages (from-to)115-128
Number of pages14
JournalComputers and Security
StatePublished - May 1 2017


  • Behavioral biometric
  • Finger-drawn PIN
  • Gesture authentication
  • Shoulder surfing
  • Touch devices

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'DRAW-A-PIN: Authentication using finger-drawn PIN on touch devices'. Together they form a unique fingerprint.

Cite this