Mobile computing devices equipped with touch screens have become very prevalent. Many applications that were commonly executed on desktop computers in the past are now also being executed on such touch screen devices. For example, email applications, social networking applications, electronic commerce applications, and online banking applications are now being executed on touch screen devices. Authenticating users of touch screen devices is important because the devices often contain sensitive data, such as personal photos, email information, credit card numbers, passwords, business data, corporate secrets, or the like, relating to the applications executing on the devices.
According to existing procedures for authenticating users of touch screen devices, the user either enters a password/PIN code or draws a geometric pattern on a grid of points in a predefined sequence. However, touch screen devices are often used in public settings. Therefore, attackers may be able to spy on users to determine the passwords/PIN codes or patterns for their touch screen devices relatively easily. Furthermore, attackers may be able to extract the passwords/PIN codes or patterns for touch screen devices from recent user input based on smudges or marks left on the touch screens by users' fingers, touch pens, or other touch input devices.