Archive for February, 2016

Touchscreen Password Idea

Monday, February 1st, 2016

Passwords are a problem, and lots of people say they are doomed, but I have seen no good alternatives, so I sometimes think about making them better.

Touchscreens are important, yet it is really hard to enter good passwords on them.

Also, I would like to do more of a “key exchange” when entering my password. I use different computers and I don’t reuse passwords between these computers, which means I sometimes enter a password for the wrong computer. Oops! Some sort of richer interaction with the other end would prevent this.

So here is my (embryonic) idea.

Have the password be a location in a virtual 3D space. Use the 3D hardware capabilities of phones and tablets and have the user drag around the screen to drive to the location that is the password. By having different randomly chosen starting points in the 3D space for each login attempt, a simple “key logger” is made more difficult, as is reading screen smudges. By having more of the space revealed as the user navigates, the computer has to reveal more information in response to the user’s input, making it more of a “key exchange” and making the space richer and so lengthening the password.

Put another way: a complex 3D space, uniquely generated for each user. The password is a “secret button” somewhere in the space. To authenticate, the computer starts the user in some random location and the user flies through the space and touches the secret button but no other.
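To make the random-starting-point argument concrete, here is a small simulation, added as an illustration and not part of the original post. It assumes the space is a 64×64×64 grid of cells that wraps at the edges and that a simple key logger captures only the relative drags of one session; all function names are hypothetical.

```python
import math
import secrets

SIZE = 64  # assumption: the space is a SIZE x SIZE x SIZE grid of touchable cells


def random_cell(size=SIZE):
    """Uniformly random cell: used for the secret button and each session's start."""
    return tuple(secrets.randbelow(size) for _ in range(3))


def drags_to(start, target):
    """Relative drag input produced by a user who knows where the button is."""
    return tuple(t - s for s, t in zip(start, target))


def end_point(start, drags, size=SIZE):
    """Cell reached by applying relative drags from a start (space wraps at edges)."""
    return tuple((s + d) % size for s, d in zip(start, drags))


def login(secret, start, drags):
    """Server check: did this input, from this session's start, touch the button?"""
    return end_point(start, drags) == secret


def replay_succeeds(secret, logged_start, new_start):
    """A simple key logger captures only the drags of one session, then replays them."""
    logged_drags = drags_to(logged_start, secret)
    return login(secret, new_start, logged_drags)


def location_bits(size=SIZE):
    """Password strength in bits if every cell is an equally likely button."""
    return 3 * math.log2(size)


if __name__ == "__main__":
    secret = random_cell()
    first, second = random_cell(), random_cell()
    print("legitimate login:", login(secret, second, drags_to(second, secret)))
    print("replayed drags  :", replay_succeeds(secret, first, second))
    print("bits of secret  :", location_bits())
```

In this model the recorded drags only reach the button when the new session happens to start in the same cell as the logged one, and the secret is worth 18 bits at this grid size, so a richer space directly lengthens the password.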

Shoulder surfing is a problem, but once the user gets good at it s/he might be swooping through so fast that a casual observer might have a hard time realizing what just happened. Particularly if there were a needle-threading aspect where some routes are good and others are not.

By using the full power of the GPU it also puts a limit on how far away a man-in-the-middle could be. (Which makes remote authentication tricky.)

By drawing on the user’s motor skills there might be a way to drop the password down in the brain so the user doesn’t know it in a way that can be told to others. Make the password more like a customized motor skill.

-kb

©2016 Kent Borg