What are better alternatives to using a password to log in?
Shubhankar Kulkarni Oct 30, 2020
Looking for better alternatives to log into your accounts online.
Every new hack will definitely have a counter-hack. What we can do is minimize the incidents of counter-hacking by improving the complexity of the hack or making it more and more person-specific. We have been using digital passwords since the beginning. We see accounts getting hacked.
Another disadvantage of using passwords is remembering them, and also remembering the answer to the security question. Saving passwords on your devices is a loophole, too.
This will be more and more important when the software to modify sound and images gets popular (deepfakes). Sound-enabled and photo-enabled access will, therefore, not work.
What other ways can you think of to reduce (ideally, eliminate) hacking?
Security in a Nutshell
Tony Maniaci Feb 07, 2021
I work in security and design safe locks. This is a subject that designers have struggled with since ancient times. Authentication and Security is based on one of three fundamental sources for an HMI (human-machine interface).
A. What we Know - PIN Codes, Passwords, Key Phrases, etc.
B. What we Have - Keys or Tokens, both mechanical and digital, with physical contact or touch-free detection.
C. What we Are - Biometrics, biological detection of individual unique attributes. Finger/Hand print, Retinal or Iris scan, Facial Recognition, Voice print, DNA, etc.
Higher levels of authentication are generally achieved by combining two or three of these options and/or doubling up on methods. Exotic Detection systems are very expensive and can be influenced by fouling and environmental conditions.
One of the methods I have wanted to employ, but never got buy-in… A Scrambling Keypad. A dynamic code entry method that uses a PIN Code -without- a physical repeating Pattern. The concept is very simple:
Numbers appear in a grid, but the numbers are not sequential. Example:
5 2 6
4 9 1
3 8 0
_ 7 _
You have a known numeric PIN Code, the longer the better, but at least 4 digits.
Each time you enter a digit selection, you have to find that number and touch it.
Each time you touch a digit, a new scrambled grid appears to select the next digit. You then have to look and find the next digit in your code. When you have entered all your digits, it automatically authenticates your PIN code. Better yet, the last touch is an ENTER button so that the length of your PIN is obscured which makes code testing more difficult because the PIN length is unknown.
Advantages: There is no pattern to detect with forensic methods. Distant onlookers can’t use pattern recognition to repeat the entry. No optical or other secondary sensors are required.
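A minimal model of the scrambling keypad described in this post, added here as an illustration and not code from the post's author. The names `new_layout`, `ScramblingKeypad` and `type_pin` are hypothetical, and the salted-hash PIN storage and OS random source are assumptions the post does not specify.

```python
import hashlib
import hmac
import secrets

BLANKS = (9, 11)  # bottom-row corners stay empty, as in the "_ 7 _" row above


def new_layout():
    """Return 12 cells (4 rows x 3 columns): ten digits in random order, two blanks."""
    digits = list("0123456789")
    secrets.SystemRandom().shuffle(digits)  # OS CSPRNG, so the next grid is unpredictable
    it = iter(digits)
    return [None if i in BLANKS else next(it) for i in range(12)]


class ScramblingKeypad:
    def __init__(self, pin):
        self._salt = secrets.token_bytes(16)
        self._stored = self._digest(pin)  # assumption: keep a salted hash, not the PIN
        self._entered = []
        self.layout = new_layout()

    def _digest(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def touch(self, cell):
        """Register a touch by cell position (0-11), then show a fresh grid."""
        digit = self.layout[cell]
        if digit is not None:  # touches on blank cells add nothing
            self._entered.append(digit)
        self.layout = new_layout()

    def enter(self):
        """ENTER ends the attempt; the code is checked only here, so its length stays hidden."""
        attempt, self._entered = "".join(self._entered), []
        self.layout = new_layout()
        return hmac.compare_digest(self._digest(attempt), self._stored)


def type_pin(keypad, pin):
    """Simulate a user: find each digit on the current grid, touch it, press ENTER.
    Returns (accepted, list of touched cell positions)."""
    cells = []
    for d in pin:
        cells.append(keypad.layout.index(d))
        keypad.touch(cells[-1])
    return keypad.enter(), cells
```

Because only cell positions are recorded per touch and the grid changes after each one, the positions touched for the same PIN differ from one entry to the next.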
Anja M Nov 02, 2020
I know this will sound complicated at first, but it is actually so more in a written explication than in a real usage. So, imagine all of the pixels of your screen as a homogenous whole. But once you access a password creation section, you can virtually divide the screen into the shapes, sizes and numbers of "cells" you want. Then, you get to decide whether you want to use the lines or cell space for creating your password. So, if you have a grid and decide to simply tap the fields in the order you decide, it's still good because you lessen the chance of somebody knowing the layout you chose. (Pic 1) Also, if your grid is easy enough, or if you are quite self-confident, you can choose the screen to appear blank before you, without the grid, with only a "type your passcode" message, so you tap the screen within the places of the cells you created.
Another option is to choose to tap the lines of your chosen layout in the direction you choose, so this version additionally diminishes the chances of somebody cracking it. (Pic 2) Also, it is user friendly enough, since the basic concept of choosing the connecting order of 9 dots exists on many models now.
Also, for both types: The software will work like vectors in Adobe Illustrator, which means: every line you draw, be it a straight line or a curve (e.g. for a circle), will automatically be made straight and neat. In any case, both lines and cells occupy a certain and exact place on your screen, so like I said, if by any chance you happen to remember the exact spots and don't need a grid displayed, you are somewhat of a mini-savant hacker yourself. B-)
This is a very impromptu idea, but I guess it's actually easy and user-friendly enough, so I am open for suggestions for its enhancement. :)
Use fingerprint combinations
J. Oct 31, 2020
The idea is to use not only one reading of the fingerprint but a few. That adds a new security dimension, as hackers must hack not only one fingerprint but more of them. Even better, they need to hack it in the right order.
- As mentioned above, fingerprints are unique to an individual
- More fingerprints are harder to hack than one
- Creating unique fingerprint combinations
- Combinations are also forgettable if too long
- Problems when we change fingerprint due to injury
Face recognition with blink patterns
J. Oct 31, 2020
This one is very challenging and abstract, but cool.
- Added security
- Could be slow
- Blink patterns can be forgotten
Spook Louw Apr 21, 2021
I think fingerprint recognition is a great security measure, hard to replicate, always on you and the technology seems to be sufficient.
If, however, the material being accessed is extremely sensitive or more than one person needs regular access to it, physical keys seem like a good option.
It could be coded to match a specific code that unlocks the device and the only way to access the material would be to have one of these "keys" near the device.
There are obvious drawbacks:
1. Keys get stolen, misplaced or forgotten.
2. It's another physical object you have to carry along with you. (Unless you get the key implanted somewhere on your body)
The main advantage it has over fingerprint recognition systems is that you could give it to someone else to use when needed, but unlike a password, they won't be able to use it again later.
The main advantage it has over passwords is that it doesn't need to be remembered and can't be hacked or guessed.
Overall I think it's all dependent on the material being protected.
Fingerprint + finger veins (in 3D)
J. Nov 04, 2020
There is an article describing a possible future biometrics advancement based on infrared and ultrasonic technologies that scan not only the geometrics of a fingerprint (impressions) but also a spatial arrangement of finger veins.
The technologies themselves are not completely novel, but the combination of a 3D fingerprint scanner and a 3D vein scanner was not used before. Finger vein scanners worked in 2D, but the 3D spatial arrangement could make it almost unhackable, because not only do you have a password that contains the info about something "invisible", but it is combining two really strong technologies into an unbreakable duo.
What are the disadvantages of using finger impressions?
Shubhankar Kulkarni Oct 30, 2020
I mean using the 3D surface of the thumb (the impression) rather than the 2D print that it makes.
- Fingerprints are unique to an individual
- Although the print can be copied, the impression is tough to imitate.
- We have sensors that can detect 3D surfaces. The same can be used to detect the impressions and then unlock the device.
- An added hardware that contains the sensor for detection.
Combine face recognition with fingerprints
J. Oct 31, 2020
I remember movies where people entering secret bunkers needed to scan their eyes, face and palm. This could be something more practical, but still safe enough.
- Two highly-personal and secure ways combined result in an extremely hard-to-hack log-in solution
- No need to do extra work because
  - we are already looking in the screen direction
  - fingerprint scans are fast and we are used to them
- Could be slow
Use regular "digit passwords" with fingerprint as a character
J. Oct 31, 2020
Although it is not highly secure, the probability that people will give up regular passwords as a log-in option is not very high. Not all devices (especially the cheap ones) support face or touch recognition. Also, people still tend to believe in their "secret numbers" more than in body part scans, due to privacy issues. Therefore, it could be wise to combine these two.
Can you imagine the level of security if your password is not anymore just
This way, we could help traditionally-oriented people to bridge the technological gap easier and reduce the number of hacked accounts.
What about using "vocal passwords"?
Antonio Carusillo Nov 01, 2020
- Text passwords may be hacked easily in case of "infection" by keyboard trojan viruses which keep track of every character typed on our keyboard (this also includes credit card security details and so on)
- Fingerprints may be an alternative, but some people are reluctant to give away their fingerprint info. I don't know how they are stored and protected by the services allowing for "fingerprint"-based passwords, but in case of any "robbery", they may be used by unauthorised people (hackers)
An alternative could be - as depicted in some movies - to use our voice to record a short sentence to be used as a password. We may imagine software like this being able to recognise specific features of a person's voice, so that the password, to be correct, doesn't have to match the sentence, but the sentence said in the same way the specific person says it. The password can be randomly generated by the computer and the person just has to read it. This way there is no chance for a hacker to simply record the voice and play it, as the password will have a different sentence each time. So, to be "cracked", the person should be either a very good hacker or a very good voice imitator. This also has the advantage that the voice - at least now - is not such sensitive information as fingerprints, faces (face unlock systems like in smartphones) or digital passwords are. So people may be more comfortable with sharing their "voice caption" without fearing its misuse.
A question bank full of personal questions
Jamila Nov 03, 2020
You create a bank of answers to personal questions:
- What was your place of birth?
- What was the name of the primary school you attended?
- What was the name of the secondary school you attended?
- Where did your parents meet?
- At what time were you born?
- What is your height?
- Where did you meet your partner?
- What’s your middle name?
In this idea, you get presented with five questions and answers, and you have to select which ones are true - as you will be given false answers too. After this, you can enter the passcode and get into your phone.
- It is an added security layer as the question + answer combinations will change every day and are personal to you.
- It will be time-consuming to build the question bank initially.
- Some people might know the answers because people can easily find personal information on the internet, or a close relative/friend might know - To tackle this, maybe the question bank will have more obscure questions.
Passwordless access to your everyday devices
J. Apr 09, 2021
Here I am not saying that we should not use passwords. I want to emphasize that the world moves on and the keys (physical or virtual) are becoming more advanced.
Let's take for example the unlocking of a car without using a key, called a "hands-free" remote keyless system. It refers to a lock that uses an electronic remote control as a key which is activated by a handheld device or automatically by proximity.
What if we had a remote key chip integrated into our phones, which would be connected to the phone, computer, or other devices that we often use (of course, under our consent)? That way, every time we approach a computer, device, or use the phone, it detects the remote key and checks for the connection. If the key connects, that would allow a user to use the computer without physically entering the passwords, by having access and knowing the saved passwords.
Of course, the ability could be easily turned off simply by disabling Bluetooth on your mobile device, and then you would be required to enter all the passwords the old-fashioned way. A security add-on could be the requirement of a fingerprint scan at the beginning of the connection.