Intelligent Passwords

I attempt and dare to solve the problem of password-stealing which occur primarily due to Social Engineering Hacks. Also, this adds another layer of protection over passwords and make passwords more secure and usable!

The method exploits the fact that given a word to type, different people will type the word in different fashions. The speed of typing will be different and the typing-accent will vary. We now attach this typing-accent attribute to the password and make them more secure i.e. even if you tell your password to a third-person, he wont be able to authenticate himself as you.

Also, this improves the usability of passwords. As pointed by Jakob Nielsen, un-masking the password would provide better usability. Passwords can now be unmasked as this method tries to cover for the social engineering hacks which are the clear threats to unmasking passwords.

As a proof of concept, i provide a demo here. The demo is Javascript based, where you can set your password and then attempt to enter it again. Try different accents in typing like typing the first three characters very fast and then rest very slow. If you have people around you, please experiment with them by asking to enter the same password!

Feedbacks/Comments Requested!!

Comments

  1. aNishJuly 10, 2010 at 10:43 PM

    Backspaces are counted too..

    It's cool to have a password with passsword !!

    ;)

    I feel it's better to neglect few keypresses such as backspace, return esc etc...

    Attaching typing accent would impose a lotta overhead on the user himself..
    He wont be able to login when he's boozed..or wot if he sets the password wen he's boozed??

    ReplyDelete
  2. ashishJuly 11, 2010 at 7:55 AM

    Please bear with bugs, this was released as a proof of concept.

    Thanks for the comments on usability by the way!!

    ReplyDelete
  3. UnknownJuly 14, 2010 at 9:47 AM

    Boss!!!!! Brilliant idea...

    small suggestion... May be you can increase the time diff from 100ms to 300ms.. for me it passed 5 out 10 times.

    but, don't know how you people can think like this :-)

    ReplyDelete
  4. MurgeshJuly 19, 2010 at 12:51 PM

    Awesome idea dude & for important accounts this really works !!!

    But u know what this option should be configurable to the user as some novice user may feel it very difficult :-) :-) (new requirement)

    And ha one more important point we can think about this password secuirty is- We can have a combination of keys enable and disable during configuring the password (for eg we can configure kkk123 (caps lock matters only for characters and not for numbers we can also check if caps lock & scroll lock enabled or not during configuring the password and we can take the password (for both numbers and characters) along with CAPS Lock, Scroll lock & Keypad enabled or disabled in keyboard)

    ReplyDelete
  5. ashishJuly 19, 2010 at 10:31 PM

    Thanks Prasanna and Murgesh for the comments!! Sure this piece needs more work...

    @Murgesh, i would definitely work to extend and implement your suggestion!!

    ReplyDelete

Post a Comment

Popular posts from this blog

Alarm Clock Myth - How to wake up early

Image
Everyone wants to wake up early, and make good use of those extra early morning hours. But we fail all the time, even if we succeed, its one-off times. I thought its a good opportunity to seize and fix this problem with the existing alarm clocks. I started exploring the existing solutions out there and found there are quite many interesting stuff: A whole breed of biologically sync'd clocks who wake you up when you are least in sleep Hard to snooze alarm clocks which ask you to solve a difficult puzzle to snooze an annoying alarm tone Motivational messages to wake you up I gave all the existing products a lot of thought and why they don't quite work. Here is my conclusion: People don't really understand the real purpose of alarm clocks .   Here's the deal: Alarm clocks are not meant to wake you up. Yes, you read it right. Alarm clocks really are the mission-control, last resort plan to wake you up at the deadline time. You are supposed to get up on
Read more

The little thing that makes me hate Android

Android is awesome. We found love in a hopeless place. It's the unix of mobile phones. But it is so fricking annoying when: It vibrates on shutdown Why? Why does it have to vibrate on shutdown?? My phone battery definitely dies everyday because battery-life sucks and I suck more since I am too lazy to keep my phone charged. Now, when battery gives up, phone shuts down silently and in the end it vibrates. I pull the phone out of my pocket to see what the vibration was about, click the Power Button and it starts booting up, just to shutdown again! You may call it a dark pattern/(insert a mumbo-jumbo here), I call it wtf. wtf.
Read more

Hacking Patience

Being patient is one of the toughest things I deal with. I can't keep calm. Now I'm not sure if it's just me or if it's really a social side-effect of being a programmer. Programming is one of the jobs where you see results for your actions in near-real-time. I can't think of any other job which reflects upon your action any faster. We act, and we expect results. We expect them soon enough. Hell, we demand results. This vicious cycle in our daily lives is making us a little more impatient daily. The real problem is that this sense of being impatient towards things and events makes way into our real lives. It gives birth to all sorts of problems. You are more anxious, and can't calm down unless you witness the outcome. You fail to respect that other person needs his/her own space and time to sort out matters which involve you. You get frustrated/irritated more easily when you don't see immediate results, which will often be the case really. Truth
Read more