New products

SureSwipe takes PINs in a new direction

Jay MacDonald

My Uncle Leo had a distinctive facial tic that I always thought would be a pretty foolproof identifier for ATM and credit card transactions. Problem is, you’d need a point-of-sale terminal with facial recognition and, in Uncle Leo’s case, a free half-hour to hear his stories about the war.

Sprite 8.jpg

As unique as Uncle Leo’s tic was, it pulled no weight when it came time to pay with plastic or do his banking online. For that, you need to concoct a password — a personal alphanumeric tic, if you will — that these days does less to verify your identity than to simply beat down that inner voice that insists on screaming, “Danger! Danger! Danger!”

For all their good intentions, passwords have always been a lousy substitute for Uncle Leo’s tic. Just ask Wired senior writer Mat Honan, a pretty ‘net-savvy guy who watched his digital life burn down in about an hour after his robust passwords were deciphered. In his insightful account, “Kill the Password: Why a String of Characters Can’t Protect Us Anymore,” Honan has this to say about our made-up tics:

“It’s an artifact from a time when our computers were not hyper-connected. Today, nothing you do, no precaution you take, no long or random string of characters can stop a truly dedicated and devious individual from cracking your account. The age of the password has come to an end; we just haven’t realized it yet.”

Or have we?

This month, Capital One introduced its SureSwipe mobile phone app that veers from the alphanumeric mainstream to enable users to log in based on pattern recognition. Instead of setting up a boring old password, SureSwipe users trace a pattern on a square, nine-point touch screen grid that becomes their pattern sign-in. You have to hit at least four of the nine points in sequence, and lame figures aren’t allowed, for you Zorros out there.

The app, currently available in iPhone with Android to follow next year, allows you to reset your doodle or turn the SureSwipe feature off entirely and go old-school with an alphanumeric identifier.

Several things occurred to me while exploring the SureSwipe landing page. One, the headline: “No More Password Typos.” Really? Is that what this is the solution for? Fumble thumbs? What about, oh, identity theft? Alas, there was no link to security FAQs or reassuring anti-fraud verbiage.

You don’t need a math degree to figure out that there are far fewer possible combinations using nine digits than with 26 letters, nine numbers and assorted symbols in the alphanumeric world.

Capital One’s pattern recognition breakthrough may well save time for mobile users, if that’s its sole goal. And I’m excited by any move away from those vulnerable letters and numbers to something more personal and harder to machine generate or guess.

But until we come up with something a little closer to Uncle Leo’s tic, I fear that hackers are likely to view SureSwipe as just that: a sure swipe.

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

  • ramon

    i set up a swipe pattern for my log in in one of the app on my phone, now i tried to use the same app from another phone, how come it doesnt recognize the swipe pattern i set up previously with my old phone

  • Benjamin Rodefer

    I know that the android phones use the same thing, the swipe pattern and I see that google won a patent for it in some incarnation. Do you know if others are able to use a swipe pattern to unlock their own designed apps or if it is patent protected? Seems a really common thing and in use for a while, but the google patent is scary.