
Do we really need passwords and PIN codes any more?

The human brain is often cited as the most complex object in the universe. Whether that's true or not (and it depends on your definition of complex), there's no question that the brain is capable of absolutely astonishing acts of recall. Most of us would be able to sing entire songs based on the first few notes or even just the title, or recite long poems, or give the dates and details of important historical events. The amount of information we can immediately remember with high precision is amazing.

So, given that we are all equipped with the greatest biological computer ever made, why do we have so much trouble remembering ten-character passwords or even four-character PIN numbers?

The answer is, of course, the context: all of us can remember complete pieces of music, but very few of us could remember an equivalent amount of random notes. Our brains are clearly built to recall things in context, probably because they rely on context as a form of compression. Data compression works by editing out repeated sequences, but written passwords and PIN numbers are supposed to avoid repeated sequences, because repetition would be a security risk.

And that's the dilemma: we find it easy to remember huge amounts of data in context, but if a password is based on context it may be much easier for other people to guess. How do we get the easy-to-remember benefits of context-based passwords without giving up the hard-to-guess security of random passwords?


Warp speed, Mr Sulu

This writer recently watched some original 1960s episodes of Star Trek, and one prop which comes up again and again is an electronic document reader which periodically requires the captain's signature to authorise orders:


Captain Kirk signing an electronic document

In case you're wondering, this is an episode called "The Deadly Years" where Kirk ages too quickly.


To modern eyes this seems quaint and old-fashioned, which is probably why physically signing electronic documents was abandoned by later Star Trek versions. But is this kind of technological snobbery sensible? Could the simple timeless act of writing your own name in your own style actually be the best way to combat password fatigue? Might we all one day be using signatures on computers, just like the 1960s crew of the Enterprise?

On the surface, a signature seems dangerous to use as a password because anyone who sees it on a printed document (such as a driving licence or passport) could copy it. However, Captain Kirk did not sign things by uploading an image file, he signed things just like we do today, by constructing his signature in a series of specific pen strokes. A device with a touchscreen would be able to detect not only what the finished signature looked like but how it was written, including the speed, sequence and (possibly) pressure for each component. Such elements could not easily be discerned from the finished signature, yet they would be instinctively known by the true owner of the signature.

Perhaps people who need to prove their identity online could simply write their names, just as they have done for centuries with paper documents? They wouldn't even need to invent a password: everyone knows their own signature throughout their lives.
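The stroke data described above, as an added illustration that is not code from the article or from any Symbian device: a toy dynamic-signature check over constructed touch samples, showing that a tracing of the finished picture has the same static shape but fails on stroke order, direction and speed.

```python
from math import hypot

# Constructed touch samples, not data from the article or any real device.
# A stroke is a list of (x, y, t) samples in pixels and milliseconds; a
# signature (or doodle) is the list of strokes in the order they were drawn.
TEMPLATE = [  # a "T": bar drawn left to right, then stem drawn top to bottom
    [(0, 0, 0), (50, 0, 100), (100, 0, 200)],
    [(50, 0, 400), (50, 50, 550), (50, 100, 700)],
]
GENUINE = [  # the owner signing again: same order, similar speed, slight wobble
    [(0, 2, 0), (48, 1, 90), (98, 0, 190)],
    [(49, 0, 350), (50, 52, 520), (50, 101, 680)],
]
TRACED = [  # someone tracing the finished picture: stem first, bottom up, slowly
    [(50, 100, 0), (50, 50, 400), (50, 0, 800)],
    [(100, 0, 1000), (50, 0, 1400), (0, 0, 1800)],
]


def finished_shape(signature):
    """The static picture: the set of points touched, ignoring order and time."""
    return {(x, y) for stroke in signature for (x, y, _) in stroke}


def stroke_features(stroke):
    """Return (mean speed in px/ms, unit direction from first to last sample)."""
    length = sum(hypot(x2 - x1, y2 - y1)
                 for (x1, y1, _), (x2, y2, _) in zip(stroke, stroke[1:]))
    duration = stroke[-1][2] - stroke[0][2]
    speed = length / duration if duration > 0 else 0.0
    dx, dy = stroke[-1][0] - stroke[0][0], stroke[-1][1] - stroke[0][1]
    norm = hypot(dx, dy) or 1.0
    return speed, (dx / norm, dy / norm)


def matches(template, candidate, speed_tol=0.3, direction_tol=0.8):
    """Accept only if stroke count, per-stroke direction and speed all agree.

    speed_tol is the allowed relative speed deviation; direction_tol is the
    minimum cosine similarity between template and candidate stroke directions.
    """
    if len(template) != len(candidate):
        return False
    for t_stroke, c_stroke in zip(template, candidate):
        t_speed, t_dir = stroke_features(t_stroke)
        c_speed, c_dir = stroke_features(c_stroke)
        if t_speed == 0 or abs(c_speed - t_speed) / t_speed > speed_tol:
            return False
        if t_dir[0] * c_dir[0] + t_dir[1] * c_dir[1] < direction_tol:
            return False
    return True


if __name__ == "__main__":
    print("same finished picture:", finished_shape(TEMPLATE) == finished_shape(TRACED))
    print("owner accepted:", matches(TEMPLATE, GENUINE))
    print("tracing rejected:", not matches(TEMPLATE, TRACED))
```

A real verifier would use many enrolment samples and per-user tolerances; the point here is only that the timing and ordering channel is invisible in the finished image.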


Security through doodling

This isn't a new idea: systems for measuring and analysing signatures have been developed for a long time, but so far no major online company offers them in place of passwords or PIN numbers. It could be that signatures aren't quite as uniform as we think they are, and even if they are, there is a risk in putting all your security eggs in one basket. If someone managed to get a recording of how you signed your name then they'd be able to copy it exactly, and you'd have to change your signature, which is a lot more difficult than changing your password or PIN.

But other context-based passwords using a pen are also possible. One popular technique for memorising a piece of information is to associate it with something visual. What if, instead of writing a signature, people drew a picture? The same kinds of style data present in handwriting could be detected in hand-drawing, and a user could have different pictures associated with different services. You might draw an envelope in a particular manner to access an e-mail service, or draw a musical note in your own style to access your online music collection. As long as you draw it in a reasonably consistent way, and as long as no one sees you drawing it, such image-based passwords would be much easier to remember than the random kind we're supposed to use now.


String of numbers entered on a Nokia N97

Drawing of a house on the Nokia N97

Two potential passwords entered on an N97. Which one would you find easier to remember?



The numbers on the left are much harder to remember than the drawing on the right, yet the drawing could act as a much more complex and secure password. If the phone was able to record how the drawing was constructed, it would be impossible for outsiders to copy simply by looking at the finished picture.

Obviously no one wants to draw a picture every single time they do something on the internet, but no one wants to enter a written password every single time either, which is why most people use cookies or browser memories to store passwords. Those same features could be used to store visual passwords too.


Could Symbian help graphical passwords take over from written ones?

Using drawings as passwords isn't a new idea either, but what is new is the potential means to deploy them. Until now, very few people owned an electronic device they could draw on. PDAs have been touch-sensitive for decades, but they have always been an expensive niche item bought by small numbers of people. What is needed for graphical passwords to take off is a mass market device which is cheap enough for large numbers of people to afford, and attractive enough for them to want to actually buy it. The mobile phone certainly fits the description of mass market: about 1000 million mobiles are sold every year, far more than any other electronic product. However, these are almost all button-based phones. For graphical passwords to become standard, the majority of phones would have to be touch-based, which hasn't happened yet, and is unlikely to happen as long as touch-based phones remain expensive.

And that's where Symbian comes in. The latest version of Symbian S60 is touch-based, and has been deployed very successfully on the Nokia 5800, which is selling at a rate of over one million units a month. That's only a small part of the 80+ million mobile phones sold globally per month, but it's a much larger proportion of the smartphone market and it's a lot more than any PDA ever sold. What's more, over the last few years Symbian has been appearing on ever-cheaper models which can reach ever-larger audiences. The 5800 itself is a relatively low-cost smartphone, at around half the price of the N97 or iPhone, and there's an even cheaper model (the 5530) due to be released very soon. Within a few years, we may see touchscreen phones at the lowest end of the market, and it's the lowest end that makes up the majority of sales.

Because touchscreen phones have been historically expensive, no one knows if they can ever replace button-based phones, and it's possible that most people will carry on preferring to use buttons. But if touchscreen phones do eventually take over the phone world, they could be the most powerful weapon in the war against password fatigue.

Password fatigue is not a trivial issue. Many security breaches are caused by people using the same password across several services simply because they cannot remember more than one or two passwords. Other breaches are because written passwords are too easy to guess. Graphical passwords are easier to remember, more intuitive to enter and potentially more complex than written ones, so they could make the internet not just easier to use but also a lot more secure.


Symbian offering a taste of the future?

In fact, we have a piece of this potential future in our hands already. You can actually use pictures as passwords right now on Symbian S60 5th Edition devices such as the Nokia 5800 or N97. Their handwriting recognition input method has a learning mode where you can teach it to associate strings of text with particular doodles. If you associate particular written passwords with particular doodles, you can use doodles to enter passwords. (This can also be done on Nokia's Maemo-based devices like the N800 and N810, using exactly the same process.)


Shortcut creation wizard on the Nokia N97

(Author's note: Unfortunately the current version of the S60 handwriting recognition system seems to have too many preset characters in its database, so most doodles you suggest are rejected as duplicates. If anyone from Nokia and/or Symbian is reading this, can you greatly reduce the number of default preset characters used by the system? The system would work much more effectively if it only used characters from the currently-selected language.)


Tzer2, All About Symbian 23rd August 2009

Published by Tzer2 at 1:32 UTC, August 21st 2009

Categories: Comment, Software, Hardware
Platforms: General, S60 5th Edition

Feature Discussion

Unregistered
Comment: Well, a great article. Those pictures will be less hackable than the cumbersome passwords too. Nokia should employ touch on their feature phone OS S40 to make touchscreens cheaper and increase their penetration in developing markets.
Unregistered
Comment: Nice article :)
I would love to have finger-print reader on my cell to replace passwords! On touch-screen phones it will be fantastic!

I'm not much into tech-stuff but for non-touch phones, using the front-camera for eye-iris-detection can be a good way to replace passwords and codes.
rvirga
Comment: My recipe (OK, it's not really mine, as a matter of fact is fairly standard) for passwords which are at the same time easy to remember and difficult to guess:
1) Start with a line from your favourite poem or lyrics of a song you like.
2) Replace "for" with "4", "to" with 2, "you" with "U", etc. (this step is unnecessary for Prince songs :-)).
3) Your password is obtained by concatenating the first letter of each word, respecting capitalization. Include punctuation as well, if possible.
There you have it, a way to use the brain's ability to remember information within a context which doesn't require special input methods like a touchscreen or an accelerometer.
Unregistered
Comment: I mostly use letters, then transcribe them into their T9 variants, then alternate them, or place the numbers behind, or in front of the word.
Tzer2
Comment: [quote](this step is unnecessary for Prince songs :-)).[/quote]

LOL, I was just thinking that! :-)

Better not use a Prince track then, they'll be the first things that password thieves will try... ;-)

Interesting method, thanks for posting it!

I would take the method even further and remove all the vowels to prevent a "dictionary attack". So for example "With Love From Me To You" would become wthlvfrmm2u which seems quite unguessable.


[quote]I mostly use letters, then transcribe them into their T9 variants, then alternate them, or place the numbers behind, or in front of the word.[/quote]

So you mean A, B or C would become 2 etc? Interesting idea too...

Americans seem to use that a lot when advertising phone numbers, never really caught on in Europe though.
Hooksym
Comment: I tend to create collections of letters, numbers and symbols that can be read as little phrases like "Xs10shul-B33r!" (Existential Beer). :D I find that remembering the phrase, which is easy, I can remember how I put it together.

Thanks for the information that S60v5 does shortcuts. I hadn't twigged to that. I'll have to go off and play with that.
Unregistered
Comment: [quote=Tzer2;434127]So you mean A, B or C would become 2 etc? Interesting idea too...

Americans seem to use that a lot when advertising phone numbers, never really caught on in Europe though.[/quote]

Yeah, like if I were to use "Tzer2" as a password, it might end up as "Tzer28937abc"/"T8z9e3r72abc"/"8937abcTzer2", with Tzer becoming 8937, and the 2 becoming either a, b, or c, depending on what tickles my fancy. Usually I put all 3 to aid memorizing.
mouserider
Comment: Using pictographs or gestures as a security measure isn't new and was available way back in the nineties with the Newton.

My personal opinion is that biometrics are the way to go and for added security, simply slap a short pin or gesture and you have a dual layered mechanism that involves something you have and something you remember.
Tzer2
Comment: [quote]Using pictographs or gestures as a security measure isn't new and was available way back in the nineties with the Newton.[/quote]

I did say in the article that this isn't a new idea, but what IS new is the prospect of intelligent touchscreen devices being cheap enough for the mass market.

The Newton and other devices were very expensive, the N97 and iPhone are very expensive, but (for example) the upcoming Nokia 5530 is getting much closer to a price where a large proportion of the market might be willing to buy a touchscreen device. There is still some way to go in reducing prices, but Symbian's appearance on lower-priced hardware means it's possibly the best-positioned format to popularise doodle-based passwords.


[quote]My personal opinion is that biometrics are the way to go and for added security, simply slap a short pin or gesture and you have a dual layered mechanism that involves something you have and something you remember.[/quote]

As long as biometrics isn't a replacement for passwords...

There's the danger people will just use biometrics without any kind of password, which would reduce security because biometric measurements by definition never change.
Unregistered
Comment: You can use pictures as passwords in every single T9 pad equipped phone.
Here's an example: I want to use a house so I choose the password to be 247896.
Why this password? Because if I draw a house on 3x3 grid starting from the roof i must go through these numbers.
It's not a real house but an approximation in my head and I'll remember it.

Another example is the Google's G-password in Android. It would be 321478965.
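An added example (not the commenter's code) of the keypad mapping this comment describes: it converts a drawing on the 3x3 grid to T9 digits, checks a digit string under the Android-style pattern rule (no cell reused, and a move straight over another cell is only allowed once that cell has been visited), and counts how many such patterns exist so the space can be compared with a numeric PIN.

```python
# The 3x3 keypad/pattern grid as the comment uses it: T9 digit -> (row, col).
CELL = {str(d): divmod(d - 1, 3) for d in range(1, 10)}


def grid_to_digits(cells):
    """Turn a drawing given as (row, col) cells, in drawing order, into T9 digits."""
    return "".join(str(r * 3 + c + 1) for r, c in cells)


def is_valid_pattern(digits):
    """Android-style rule (assumed here): no cell reused, and a move that passes
    straight over another cell (1->3 over 2, 1->9 over 5, 2->8 over 5, ...) is
    only allowed once that middle cell has already been visited."""
    if not digits or len(set(digits)) != len(digits):
        return False
    if any(d not in CELL for d in digits):
        return False
    visited = set()
    for prev, cur in zip(digits, digits[1:]):
        visited.add(prev)
        (r1, c1), (r2, c2) = CELL[prev], CELL[cur]
        if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:  # a cell lies in between
            mid = str((r1 + r2) // 2 * 3 + (c1 + c2) // 2 + 1)
            if mid not in visited:
                return False
    return True


def count_patterns(min_len=4, max_len=9):
    """Number of distinct valid patterns using min_len..max_len cells."""
    total = 0

    def extend(path):
        nonlocal total
        if len(path) >= min_len:
            total += 1
        if len(path) == max_len:
            return
        for d in CELL:
            if d not in path and is_valid_pattern(path + d):
                extend(path + d)

    for start in CELL:
        extend(start)
    return total


if __name__ == "__main__":
    # The commenter's house (roof first) and the G-shaped Android example.
    house = grid_to_digits([(0, 1), (1, 0), (2, 0), (2, 1), (2, 2), (1, 2)])
    print(house, is_valid_pattern(house), is_valid_pattern("321478965"))
    print("patterns of 4..9 cells:", count_patterns(4, 9))
```

Under this rule there are 389,112 patterns of four to nine cells in total, fewer than the 1,000,000 six-digit PINs, so the memorability gain does not by itself come with a larger space of possibilities; the drawing's value is in how it is recalled, not in the count.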
mouserider
Comment: [quote=Tzer2;434137]
The Newton and other devices were very expensive, the N97 and iPhone are very expensive, but (for example) the upcoming Nokia 5530 is getting much closer to a price where a large proportion of the market might be willing to buy a touchscreen device. There is still some way to go in reducing prices, but Symbian's appearance on lower-priced hardware means it's possibly the best-positioned format to popularise doodle-based passwords.
[/quote]

No objections there. Touch has taken a long road to acceptance for sure.

[quote=Tzer2;434137]
As long as biometrics isn't a replacement for passwords...

There's the danger people will just use biometrics without any kind of password, which would reduce security because biometric measurements by definition never change.
[/quote]

Well, the best security is always a layered system comprising some combination of something remembered (password, pass-phrase, doodle), something possessed (key, card, SecurID) or something of you (biometrics). Or even multiples of all combinations in extremes.

I've been to places where they require a pin, thermal fingerprint, keycard and multi-frame retinal scan.

Which always brings up that funny scene from "Monsters vs. Aliens."

Properly implemented, the non-changing nature of biometrics should not be a problem since, properly implemented, you cannot provide the authentication without that part of the biometric reading being present in living state. The unique nature of properly implemented biometric security ties access uniquely to the authorized user to a statistical certainty.

Key-rotation shouldn't be necessary if the biometric readings cannot be falsified or presented in proxy.

Many biometric systems implemented today, especially at the consumer level, are quite inadequate.
Unregistered
Comment: Finger print reader fooled with tape (Refer to Myth Buster). Safe? I don't think so.
Tzer2
Comment: [quote]Key-rotation shouldn't be necessary if the biometric readings cannot be falsified or presented in proxy.[/quote]

I agree, and the suggestion I made in the article about using signatures as passwords would be fine if it could never be reproduced by others (I don't just mean the appearance of the signature but the strokes used to write it). It would be easy too because everyone knows how to sign their own name.

But as with the signature suggestion the problem is what do you do if there is some way for crooks to reproduce the biometric data? With passwords it's easy to change them but biometric data and signatures are much more difficult to change.

If you use doodles that's something that's only in the person's head, and they can change from one doodle to another relatively easily just like passwords.
mouserider
Comment: [quote=Unregistered;434208]Finger print reader fooled with tape (Refer to Myth Buster). Safe? I don't think so.[/quote]

Notice I said "properly implemented" and how lacking some consumer solutions are.

As a sidebar, the methodology deployed in MythBusters is highly unscientific and almost always for entertainment purposes with a sprinkle of facts. It often does more harm than good to educate; you can probably learn more facts watching ER or an episode of CSI.

High security palm and finger print scanners detect ridge details that cannot be easily falsified by making use of the residual print on the scan glass. It is also very good practice to smear your print after every use.

That said, there are also alternatives to visual-based fingerprint scanning such as a thermal capacitance scanner. A simple implementation of those can be found on certain Lenovo ThinkPads and also on Compaq iPaqs.

[quote=Tzer2;434251]I agree, and the suggestion I made in the article about using signatures as passwords would be fine if it could never be reproduced by others (I don't just mean the appearance of the signature but the strokes used to write it). It would be easy too because everyone knows how to sign their own name.

But as with the signature suggestion the problem is what do you do if there is some way for crooks to reproduce the biometric data? With passwords it's easy to change them but biometric data and signatures are much more difficult to change.

If you use doodles that's something that's only in the person's head, and they can change from one doodle to another relatively easily just like passwords.[/quote]

Absolutely true.

Signatures are a bad idea and so is storing unhashed biometric data and poorly designed scan input systems that can easily provide a method of by-passed data injection and or input by proxy.

This concern about "biometric theft" has been brought up when many governments of the world decided it was a good idea to incorporate biometric information in passports.

Many very valid and real security issues were brought up but often to deaf ears.

Good article though and I hope I didn't inadvertently hijack this discussion into one discussing access security in general.
Unregistered
Comment: Nice idea but sadly it doesn't work yet. At least on my N97 Nokia prohibits the use of Handwriting Recognition on password fields like that in HTML forms. No Handwriting Recognition means no Shortcut Recognition either, so no doodles for passwords on S60v5. Or is there a special configuration needed?
