In a paper titled “ActivPass: Your Daily Activity is Your Password,” a group of researchers located in universities in Texas, Illinois, and India lay out a novel approach to improving the security of login activity. The main thrust of ActivPass is to observe a user’s recent Facebook, browser, phone, and SMS activities and ask them questions based on those activities, which in an ideal world only the users themselves would be able to answer. For example, “From whom did you get your first call this morning?” could be a question posed to a user when they try logging in to a website.
The ActivPass project aims to address areas where traditional passwords are failing, including the increasing burden on users to remember a growing number of passwords (or to ease that burden by choosing common passwords that diminish security), sharing of passwords for cloud-based services like Netflix, and the increasing vulnerability of passwords being stolen.
Users would be able to configure the system to determine how many questions must be answered for successful authentication, whether multiple-choice questions can be asked, and permissions to activity logs.
After an experiment involving 70 participants and their smartphone activity logs (tracked with an app), the researchers say their end-to-end ActivPass system was successful (i.e., authenticated legitimate users) 95 percent of the time. However, it was also compromised (i.e., authenticated impostors) 5.5 percent of the time.
“While this level of security is obviously inadequate for serious authentication systems, certain practices such as password sharing can immediately be thwarted from the dynamic nature of passwords,” according to the paper. While someone may be willing to share a password for their Netflix account with a friend, they may not be as willing to share their personal activities.
The researchers are speaking with companies like Yahoo and Intel to gauge how useful this approach to passwords could be for enterprise users and what could be done to make it work, said Romit Roy Choudhury, an associate professor at University of Illinois at Urbana-Champaign and a co-author of the paper, in an interview with MIT Technology Review.
Editors' Recommendations
- Top 10 Windows shortcuts everyone should know
- As a loyal iMessage user, I’m sick and tired of Apple’s resistance to RCS
- Twitter’s latest features are all about curbing election misinformation
- Meta wants you to use its creepy Portal as a secondary monitor
- Facebook Messenger finally starts testing end-to-end encryption for all chats
