Move over '123456': passwords to go high-tech

Mar 13, 2014 by Marie Julien
View of a PINgrid interface developed by Britain's Winfrasoft at the 2014 CeBIT computer technology trade fair on March 11 in Hanover, central Germany

Internet users may soon have a secure solution to the modern plague of passwords, in which they can use visual patterns or even their own body parts to identify themselves.

Developers at the world's biggest high-tech fair, CeBIT, say that one of the biggest frustrations of having a smartphone and a computer is memorising dozens of sufficiently airtight passwords for all their devices and accounts.

"The problem of passwords is that they are very weak, they are always getting hacked, and also from a user point of view, they are too complicated, everybody has 20, 30, 60 passwords," said Steven Hope, managing director of Winfrasoft from Britain, the fair's guest country this year.

"They all have to be different, no one can remember them, so everybody writes them down or resets them every time they log in. They don't work in the real world today."

Passwords have proliferated so much that it's a daily struggle for users to cope with so many of them.

And as millions of Internet users have learned the hard way, no password is safe when hackers can net them en masse from banks, email services, retailers or social media websites that fail to fully protect their servers.

Many simply throw in the towel and use no-brainer codes like "123456" and "password"—which are still the most common despite how easily they can be cracked, CeBIT spokesman Hartwig von Sass said at the event in the northern German city of Hanover.

In response to the vulnerabilities and hassles of the antiquated username-and-password formula, Winfrasoft has developed an alternative based on a four-colour grid with numbers inside that resembles a Sudoku puzzle.

Users select a pattern on the grid as their "password" and because the numbers inside the boxes change once per minute, the code changes too, making it far harder to hack.

"There is no way anybody could see which numbers you are looking at. You see typing numbers but you don't know what the pattern is because each number is here six times," Hope said during a demonstration.
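A minimal sketch of the rotating-grid idea described above, added here as an example and not Winfrasoft's code. The 6x6 layout (digits 0-5, six of each), the HMAC-based grid derivation and the names `grid_for`, `code_for`, `verify` and `patterns_matching` are assumptions.

```python
import hashlib
import hmac
import math

GRID_SIDE = 6       # assumption: 6x6 grid of digits 0-5, six of each
STEP_SECONDS = 60   # per the article, the numbers change once per minute


def grid_for(seed: bytes, unix_time: int) -> list[int]:
    """Derive the 36-cell grid for the minute that contains unix_time."""
    step = (unix_time // STEP_SECONDS).to_bytes(8, "big")

    def tag(cell: int) -> bytes:
        return hmac.new(seed, step + bytes([cell]), hashlib.sha256).digest()

    # Keyed permutation: rank the cells by their HMAC tag, then deal digits
    # round-robin so that every digit lands on exactly six cells.
    grid = [0] * (GRID_SIDE * GRID_SIDE)
    for rank, cell in enumerate(sorted(range(len(grid)), key=tag)):
        grid[cell] = rank % GRID_SIDE
    return grid


def code_for(grid: list[int], pattern: list[tuple[int, int]]) -> str:
    """Read the digits under the user's secret (row, col) pattern."""
    return "".join(str(grid[r * GRID_SIDE + c]) for r, c in pattern)


def verify(seed: bytes, pattern, submitted: str, unix_time: int) -> bool:
    """Server side: rebuild the current grid and compare in constant time."""
    expected = code_for(grid_for(seed, unix_time), pattern)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def patterns_matching(grid: list[int], code: str) -> int:
    """Count the cell sequences that would produce one observed code."""
    return math.prod(grid.count(int(digit)) for digit in code)


if __name__ == "__main__":
    SEED = b"constructed-demo-seed"                 # constructed sample values
    PATTERN = [(0, 0), (1, 1), (2, 2), (3, 3)]
    T0 = 1394700000
    code = code_for(grid_for(SEED, T0), PATTERN)
    print(code, verify(SEED, PATTERN, code, T0 + 59))
    print(patterns_matching(grid_for(SEED, T0), code))
```

Because each digit sits on six cells, a single typed four-digit code is consistent with 6^4 = 1296 different cell sequences, which is the property Hope describes.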

Backup from body parts

Biometric data offers another alternative to seas of numbers, letters and symbols.

US giant Apple has already equipped its latest generation iPhone with a fingerprint reader to boost its security profile.

But a group of European hackers, the Hamburg-based Chaos Computer Club, demonstrated that the system could be pirated using a sophisticated "fake" fingerprint made of latex.

Japan's Fujitsu turned to the other end of the hand and has developed an identification system based on each person's unique vein pattern.

A lifesize humanoid robot "RoboThespian" interacts with fair visitors at the Engineered Arts Ltd stand of the 2014 CeBIT computer technology trade fair on March 11, 2014 in Hanover, central Germany

At its CeBIT stand, the company was showing off its PalmSecure technology on its new ultra-light laptop computer which has a small sensor built in.

Meanwhile Swiss firm KeyLemon has developed a system using a webcam.

The computer registers parts of the face, "the eyes, the eyebrows, the shape of your nose, your cheekbones, the chin..." a company spokesman said.

The person must then only sit in front of the screen to be recognised and gain access to the computer.

The system, already used by some three million people according to the company, still has a few kinks, however, so users must remember to take off their eyeglasses, for example, or have consistent lighting in order to pass the identity test.

"Face recognition and fingerprint recognition are additional safety security features, they will never have only face recognition or " but rather use them as a crucial backup to passwords, he said.

User comments : 3

alfie_null
not rated yet Mar 13, 2014
. . . so users must remember to take off their eyeglasses, for example, or have consistent lighting in order to pass the identity test.

Or remember to carry a print of a good photo of themselves.

OK. I imagine the developer has thought about that vulnerability, but then what about a mask with pertinent features printed on?

Depending on the value of what's being protected, criminals will go to some effort to break in. You also have to make allowances for potential development of countering technology. As much as I hate passwords, I'd be reluctant to accept a new system until it has been exposed to criminal activity for a significant period.
antialias_physorg
5 / 5 (1) Mar 13, 2014
Or remember to carry a print of a good photo of themselves.

Surprisingly that doesn't work for some systems (neither are these systems fazed by identical twins). Reason being: the CCD cameras in your phone/webcam are sensitive not only to visible light but also somewhat in the IR spectrum. And that in turn can distinguish artery/vein patterns which aren't present in printouts (and which aren't identical between identical twins).

Of course you could get an IR image of someone and fake that with some effort (making a display with additional IR LEDs). But that is not something that is off-the-shelf.
Skepticus
not rated yet Mar 13, 2014
I think the wrinkle patterns on my scrotum are distinctive enough to be used in place of a password. Unlike fingerprints, nobody can get at it unless they kidnap me, in that hypothetical case ALL KINDS of passwords/codes are potentially able to be extracted!