12 Easy-Peasy Passwords Designed to Foil Hackers
Why is it so difficult to remember all of our passwords and so simple for a hacker to break in? Take, for example, the more than 1 billion user names and passwords that were stolen from some 420,000 websites recently by the Russian gang called CyberVor. One billion. These Internet credentials weren't stolen from individuals' personal computers, but from online vendors that store user names and passwords to give members access.
Here's the deal: If you didn't have to use and store your password in the first place, it wouldn't get stolen.
Researchers are one step ahead of you. Myriad labs are working on a variety of methods to secure online information or give users access to personal data without having to type in passwords. Many of them tap into biological characteristics unique to each person. You've probably heard of some of the more common methods, such as fingerprint scanning -- the iPhone 5 has that option -- and iris identification. But there are a host of others you may not know exist. Your heartbeat, for example. What about brainwaves? Body odor? How about your butt?
Here we look at 12 unusual ways to access secure information by means other than typing in letters, numbers and/or special characters. Some of these methods are available now and others are still in the lab. But the good news about all of them is that you never have to memorize a thing.
We've all heard of fingerprint authentication. But this technique is a little different. Users place all five fingers on a screen, then draw them together in a swiping motion. Every single person will perform this motion differently and that's the key to giving the right person access. The five-finger gesture authentication technique was first developed by Napa Sae-Bae when she was a PhD candidate at Polytechnic Institute of NYU.
The same team working on finger swiping is also looking at ways to authenticate a person by hand shape and finger length. Combining this technique with finger swiping or fingerprints would add that much more credibility to the person logging in to a secure site.
Think of this technique as a "pass-thought," instead of a password. It was developed by John Chuang of the UC Berkeley School of Information and his colleagues and it uses technology that analyzes brain waves. Users wear a Neurosky Mindset headset and then perform a series of mental tasks, among them coming up with a "personalized thought." While their brainwaves are being analyzed, a computer program distinguishes the personalized thought from the other thoughts and is able to use the difference between the two later to identify the individual when they think those thoughts again. Such a technique could be used to log into a computer with your imagination.
This method also uses technology that measures brain waves, but it analyzes them according to the emotional response a person has when looking at images. It was developed by Ken Revette, a professor of computer science at the British University in Egypt. In an experiment, he and his colleagues asked participants to chose two pictures: one of a landmark, for example the Golden Gate Bridge, and the other of a relative, such as a sister or father. The brain waves change from one photo to the next in a specific way for each person. That difference could be used to distinguish the right person from wrong.
What you see is an illusion. That's because your eyes make two different kinds of movements: a saccade, which is a swift, jerky motion that results when a person tries to focus; and a fixation, which is when the eye rests on a given point. Our brains smooth the motions into one continuous view, but a camera could pick up those movements, which are unique to each person.
Oleg Komogortsev, an assistant professor in the computer science department at Texas State University-San Marcos, developed a way to to track those different eye movements and thinks that a technique based on them could be combined with eye-scanning technology already on the market such as retinal scanning, which analyzes the pattern of blood vessels on the retina or iris scanning, which analyze the pattern in the iris. Neither of these technologies are 100 percent fool-proof. But they could be.
Car are just big computers and even modern-day car thieves know how to break into your ride. But researchers at Tokyo’s Advanced Institute of Industrial Technology are working on a way to capture the unique signature of your hindquarters. They've embedded a seat with 360 sensors designed to analyze the pressure and weight applied and then a computer creates a 3-D representation of your butt-print. In this way only authorized cheeks can sit behind the wheel.
Not all humans stink the same way. Researchers at Spain’s Universidad Politecnica de Madrid, in collaboration with tech firm IIia Sistemas SL, are developing a system that can verify people by their scent signatures. The researchers think that their technology could sniff out the good guys from the bad in airports, border checkpoints or anyplace where photo identification is required.
Your heartbeat is all yours. This wristband called Nymi checks your pulse using electrocardiogram (ECG) sensors and then links it with electronic devices from iPads to vehicles, to authenticate use. You can pre-order one here for $79.
Google, the world's largest search engine, is looking for ways to secure information. Last year, it introduced a prototype USB drive mounted on a ring. The USB contains a piece of digital information used to generate two cryptographic keys -- one public and one private -- whenever someone signs up with a website. The public key is stored on the website's server; the private one is stored on the USB device. Later, when a person logs onto the website, the site uses the public key to create a mathematical challenge that can only be solved by the private key stored on the USB drive. As long as you have the USB drive, you have the password. Google has not yet addressed what would happen if someone lost the USB drive. But I guess that's what search is for, isn't it?
Winfrasoft/PINGrid via Youtube
UK-based Winfrasoft is working to make passwords easier and more secure. Their researchers have developed a grid with numbers reminiscent of a Sudoku puzzle. Users select a pattern on the grid -- for example, diagonally down from top-right to bottom-left -- as their "password." That motion generates a combination of numbers based on the ones in the boxes. Once a minute, the numbers inside the boxes change, but it's no matter -- the user only has to remember the diagonal action.
Motorola via Youtube
Here's a solution that might be a little hard to swallow. Last year at the D11 conference, Motorola executive (and former Defense Advanced Research Projects Agency head) Regina Dugan introduced the idea of “vitamin authentication.” Taken daily, the tiny electronic pill would switch on once it reached the stomach, where acids there would work as an electrolyte in the chip’s battery and power it. Each new chip would generate a unique 18-bit signal that can be picked up by an external sensor. That signal could work to authenticate users when they touched a device, since skin conducts electricity. Tap your phone or laptop and you're in like Flynn.
In addition to pills, Motorola researchers are looking at tattoos for authenticating users. Okay, they're stick-on tattoos, but electronic tattoos are being worked on elsewhere and the idea of embedding electronics in the skin is not that far off. The nickel-sized stickers from Vivalink sync with Moto X devices. When it comes time to use your phone, tap the sticker on your arm and the phone unlocks.