Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.

“The Unique You to Build a Better Password”

December 27th, 2011 / in research horizons, Research News / by Erwin Gianchandani

The New York Times published a two items last Friday about computer security research efforts to supplement, and perhaps one day eliminate, passwords. From the print edition:

One touch-recognition password involves turning an image of a combination lock 90 degrees [image courtesy Fred R. Conrad/The New York Times].Passwords are a pain to remember. What if a quick wiggle of five fingers on a screen could log you in instead? Or speaking a simple phrase?


Neither idea is far-fetched. Computer scientists in Brooklyn are training their iPads to recognize their owners by the touch of their fingers as they make a caressing gesture. Banks are already using software that recognizes your voice, supplementing the standard PIN.


And after years of predicting its demise, security researchers are renewing their efforts to supplement and perhaps one day obliterate the old-fashioned password.


“If you ask me what is the biggest nuisance today, I would say it’s the 40 different passwords I have to create and change,” said Nasir Memon, a computer science professor at the Polytechnic Institute of New York University in Brooklyn who is leading the iPad project [more after the jump].


Many people would agree. The password has become a monkey on our digital backs — an essential key to our many devices and accounts, but increasingly a source of exasperation and insecurity.


The research arm of the Defense Department is looking for ways to use cues like a person’s typing quirks to continuously verify identity — in case, say, a soldier’s laptop ends up in enemy hands on the battlefield. In a more ordinary example, Google recently began nudging users to consider a two-step log-in system, combining a password with a code sent to their phones. Google’s latest Android software can unlock a phone when it recognizes the owner’s face or — not so safe — when it is tricked by someone holding up a photograph of the owner’s face.


Still, despite these recent advances, it may be premature to announce the end of passwords…


The touch-screen approach of Professor Memon in Brooklyn works because, as it happens, each person makes the same gesture uniquely. Their fingers are different, they move at different speeds, they have what he calls a different “flair.” He wants logging in to be easy; besides, he said, some people find biometric measures like an iris scan to be “creepy.”


In his research, the most popular gestures turned out to be the ones that feel most intuitive. One was to turn the image of a combination lock 90 degrees in one direction. Another was to sign one’s name on the screen. In principle, the gesture can be used to unlock a device, or an app on the device that safely holds a variety of passwords…

Read more about this and related approaches in the Times story, as well as in the companion blog post.

(Contributed by Erwin Gianchandani, CCC Director)

“The Unique You to Build a Better Password”

Comments are closed.