A world without passwords? Yes, please

25 Jun

Here’s a quick question: how many passwords do you have? Probably a lot. A study five years ago by Microsoft found the average internet user had about 6.5, maintained 25 accounts that require them and typed in about eight per day. With the rise of social media since then, those numbers have probably all gone up.

At the same time, unless you’ve got Rain Man-like skills with numbers, your passwords probably aren’t all that secure. If, like me, you use the same password for a bunch of different accounts, you’re probably setting yourself up to get hacked (I’m just too forgetful to even try to remember multiple passwords).

Fortunately, the military is on it. The Defense Advanced Research Projects Agency – the same people who brought us the internet – has a program called Active Authentication that seeks to give computers the ability to identify their users. The idea is to eliminate passwords entirely, to the point where the computer does its recognition work in the background. All the user has to do is sit down and get to work.

This can be accomplished by outfitting computers with an array of biometric tools and sensors, according to program director Richard Guidorizzi. A computer could identify its user, for example, by scanning a combination of his or her fingerprint, their pattern of mouse usage and even writing style. By incorporating such biometrics, the computer could effectively build a “cognitive fingerprint” of users that would be much more effective – and natural – than remembering a whole slew of complicated passwords.

Here Guidorizzi explaining the idea:

It sounds wacky, but that’s DARPA’s specialty. It wasn’t so long ago that the agency was experimenting with a certain voice-recognition tool, which is now popping up all over the place.


Posted by on June 25, 2012 in computers, DARPA


4 responses to “A world without passwords? Yes, please

  1. Daniel Friesen

    June 25, 2012 at 4:02 am

    Sounds like an interesting theory. But the introduction to the idea was done without recognizing other prior art at handling large numbers of passwords like KeePass, LastPass, and Steve Gibson’s Password Haystacks. Things developed in an apparent vacuum of isolation aren\’t that optimism inspiring.

  2. I'm secure

    June 25, 2012 at 9:28 am

    I’ve been using 1Password for years without any security problems.

    I doubt I’d be willing to use biometric sensors that increase the cost of the computer for very little gain in security.

  3. ncrdrg

    June 25, 2012 at 10:06 am

    A complicated solution for a problem that was already solved. I use LastPass and with it, I can generate a password, it will remember it and automatically enter it when I visit a website requiring a password and it even synchronizes those passwords securely.

    Check it for yourself Peter,

    Haven’t had to remember a password in a good while here.

  4. Marc Venot

    June 25, 2012 at 5:45 pm

    There is more than computers that need to be restricted to its registered users, for example cars and even more critical guns.

%d bloggers like this: