Saturday, July 10, 2010

Intelligent Passwords

I attempt, and dare, to solve the problem of password stealing, which occurs primarily due to social engineering hacks. This also adds another layer of protection over passwords and makes them more secure and usable!

The method exploits the fact that, given a word to type, different people will type it in different ways: the typing speed will differ and the typing accent will vary. We attach this typing-accent attribute to the password to make it more secure, i.e. even if you tell your password to a third person, he won't be able to authenticate himself as you.

This also improves the usability of passwords. As pointed out by Jakob Nielsen, unmasking the password would provide better usability. Passwords can now be unmasked, because this method tries to cover for the social engineering hacks that are the clear threat to unmasking passwords.

As a proof of concept, I provide a demo here. The demo is JavaScript-based: you set your password and then attempt to enter it again. Try different typing accents, such as typing the first three characters very fast and the rest very slowly. If you have people around you, please experiment by asking them to enter the same password!
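A sketch of the timing check described above, added here as an illustration; it is not the demo's code, whose algorithm is not shown on this page. It assumes keydown events given as `{key, t}` objects and a fixed per-gap tolerance, using the 100 ms and 300 ms values mentioned in the comments, and all sample timings are constructed.

```javascript
// Printable keys only; Backspace removes the previous key so a correction keeps the text valid.
function profile(events) {
  const kept = [];
  for (const e of events) {
    if (e.key === "Backspace") kept.pop();
    else if (e.key.length === 1) kept.push(e); // skips Shift, Enter, Escape, ...
  }
  return {
    text: kept.map(e => e.key).join(""),
    gaps: kept.slice(1).map((e, i) => e.t - kept[i].t), // ms between consecutive keys
  };
}

// Average the gaps of several enrollment samples of the same password.
function enroll(samples) {
  const ps = samples.map(profile);
  if (ps.some(p => p.text !== ps[0].text)) throw new Error("enrollment samples differ");
  const gaps = ps[0].gaps.map((_, i) => ps.reduce((s, p) => s + p.gaps[i], 0) / ps.length);
  return { text: ps[0].text, gaps };
}

// Accept only if the text matches and every gap is within toleranceMs of the enrolled gap.
// (A deployed system would store and compare a salted password hash, not the text.)
function verify(enrolled, events, toleranceMs) {
  const a = profile(events);
  if (a.text !== enrolled.text) return { ok: false, reason: "wrong password" };
  const worst = Math.max(0, ...a.gaps.map((g, i) => Math.abs(g - enrolled.gaps[i])));
  const ok = worst <= toleranceMs;
  return { ok, reason: ok ? "match" : "rhythm mismatch", worst };
}

// Constructed sample data: keydown events built from a string and its inter-key gaps (ms).
function typed(text, gaps) {
  let t = 0;
  return [...text].map((key, i) => ({ key, t: (t += i ? gaps[i - 1] : 0) }));
}

const enrolled = enroll([typed("secret", [80, 90, 600, 650, 700]),
                         typed("secret", [100, 110, 640, 610, 720])]);
const owner = typed("secret", [120, 95, 760, 600, 690]);     // same rhythm, natural jitter
const impostor = typed("secret", [250, 250, 400, 400, 450]); // knows the password, not the rhythm

for (const tol of [100, 300]) {
  console.log(tol, "ms: owner", verify(enrolled, owner, tol).ok,
              "| impostor", verify(enrolled, impostor, tol).ok);
}
```

With this constructed data, 100 ms rejects the owner's slightly jittery attempt, while 300 ms accepts both the owner and the impostor: a fixed tolerance trades false rejections against false acceptances.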

Feedback/Comments Requested!!

5 comments:

  1. Backspaces are counted too..

    It's cool to have a password with passsword !!

    ;)

    I feel it's better to neglect a few keypresses such as backspace, return, esc, etc...

    Attaching typing accent would impose a lotta overhead on the user himself..
    He won't be able to log in when he's boozed.. or what if he sets the password when he's boozed??

  2. Please bear with bugs, this was released as a proof of concept.

    Thanks for the comments on usability by the way!!

  3. Boss!!!!! Brilliant idea...

    Small suggestion... Maybe you can increase the time diff from 100ms to 300ms.. for me it passed 5 out of 10 times.

    but, don't know how you people can think like this :-)

  4. Awesome idea dude & for important accounts this really works !!!

    But you know what, this option should be configurable by the user, as some novice users may find it very difficult :-) :-) (new requirement)

    And ha, one more important point we can think about for this password security is: we can have a combination of keys enabled and disabled while configuring the password (e.g. we can configure kkk123; Caps Lock matters only for characters and not for numbers). We can also check whether Caps Lock and Scroll Lock are enabled or not while configuring the password, and we can take the password (for both numbers and characters) along with Caps Lock, Scroll Lock and Keypad enabled or disabled on the keyboard.

  5. Thanks Prasanna and Murgesh for the comments!! Sure this piece needs more work...

    @Murgesh, I would definitely work to extend and implement your suggestion!!
