
What are better alternatives to using a password to log in?

Image credit: Photo by Pixabay from pexels.com

Shubhankar Kulkarni Oct 30, 2020
Looking for better alternatives to log into your accounts online.

Every new hack will definitely have a counter-hack. What we can do is minimize the incidents of counter-hacking by improving the complexity of the hack or making it more and more person-specific. We have been using digital passwords since the beginning. We see accounts getting hacked.

Another disadvantage of using passwords is remembering them, and also remembering the answer to the security question. Saving passwords on your devices is a loophole, too.

This will be more and more important when the software to modify sound and images gets popular (deepfakes). Sound-enabled and photo-enabled access will, therefore, not work.

What other ways can you think of to reduce (ideally, eliminate) hacking?
13
Creative contributions

Security in a Nutshell

Tony Maniaci Feb 07, 2021
I work in security and design safe locks. This is a subject that designers have struggled with since ancient times. Authentication and Security is based on one of three fundamental sources for an HMI (human-machine interface).

A. What we Know - PIN Codes, Passwords, Key Phrases, etc.

B. What we Have - Keys or Tokens, both mechanical and digital, with physical contact or touch-free detection.

C. What we Are - Biometrics, biological detection of individual unique attributes. Finger/Hand print, Retinal or Iris scan, Facial Recognition, Voice print, DNA, etc.

Higher levels of authentication are generally achieved by combining two or three of these options and/or doubling up on methods. Exotic Detection systems are very expensive and can be influenced by fouling and environmental conditions.

One of the methods I have wanted to employ, but never got buy-in… A Scrambling Keypad. A dynamic code entry method that uses a PIN Code -without- a physical repeating Pattern. The concept is very simple:

Numbers appear in a grid, but the numbers are not sequential. Example:

5 2 6
4 9 1
3 8 0
_ 7 _

You have a known numeric PIN Code, the longer the better, but at least 4 digits.

Each time you enter a digit selection, you have to find that number and touch it.

Each time you touch a digit, a new scrambled grid appears to select the next digit. You then have to look and find the next digit in your code. When you have entered all your digits, it automatically authenticates your PIN code. Better yet, the last touch is an ENTER button so that the length of your PIN is obscured which makes code testing more difficult because the PIN length is unknown.

Advantages: There is no pattern to detect with forensic methods. Distant onlookers can’t use pattern recognition to repeat the entry. No optical or other secondary sensors are required.
Darko Savic 9 months ago
Similar solutions are used with crypto wallets (Mycelium, Samurai, Keepkey) however they don't scramble as you type. Instead, they display the numbers in a different/unique sequence every time before you begin.
Shubhankar Kulkarni 9 months ago
I see a decent amount of retailers using card machines that scramble the numbers every time you begin entering the pin. Scrambling the numbers after entering every digit seems like an added layer of protection. Thank you, Tony Maniaci !
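
The per-digit scrambling discussed in this idea, modelled as an added example (not code from any participant or product): the server keeps each grid, the client reports only the touched cell, and a new grid is issued after every touch. The names KeypadSession, scrambledGrid and typePin are hypothetical, and comparing against a plaintext PIN is a simplification.

```javascript
// Added example: server-side model of a scrambling keypad.
const crypto = require('node:crypto');

// 4x3 grid as in the post: ten digit cells, cells 9 and 11 stay blank.
const DIGIT_CELLS = [0, 1, 2, 3, 4, 5, 6, 7, 8, 10];

// Fisher-Yates shuffle of the digits; randInt(min, max) must return an
// unbiased integer in [min, max), as crypto.randomInt does.
function scrambledGrid(randInt = crypto.randomInt) {
  const digits = [...'0123456789'];
  for (let i = digits.length - 1; i > 0; i--) {
    const j = randInt(0, i + 1);
    [digits[i], digits[j]] = [digits[j], digits[i]];
  }
  const grid = new Array(12).fill(null);
  DIGIT_CELLS.forEach((cell, k) => { grid[cell] = digits[k]; });
  return grid;
}

class KeypadSession {
  constructor(randInt = crypto.randomInt) {
    this.randInt = randInt;
    this.entered = '';
    this.grid = scrambledGrid(randInt);
  }

  // The client reports only the touched cell; the server maps it to a digit
  // with the grid it issued, then issues a fresh grid for the next digit.
  touch(cell) {
    const digit = this.grid[cell];
    if (typeof digit !== 'string') throw new RangeError('blank or unknown cell');
    this.entered += digit;
    this.grid = scrambledGrid(this.randInt);
    return this.grid;
  }

  // ENTER ends the entry, so the PIN length is never signalled beforehand.
  // Hashing both values gives equal-length inputs for the constant-time compare.
  // Simplification: a real verifier stores a salted, slow hash of the PIN.
  enter(expectedPin) {
    const h = (s) => crypto.createHash('sha256').update(s).digest();
    const ok = crypto.timingSafeEqual(h(this.entered), h(expectedPin));
    this.entered = '';
    return ok;
  }
}

// Simulates a user who looks up each digit on the current grid and touches it.
function typePin(session, pin) {
  const cells = [];
  for (const d of pin) {
    const cell = session.grid.indexOf(d);
    session.touch(cell);
    cells.push(cell);
  }
  return cells;
}
```

The touched cells recorded in one session map to different digits in the next, which is the property the post describes as having no pattern to detect.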

Pixel compartmentalization

Anja M Nov 02, 2020
I know this will sound complicated at first, but it is actually so more in a written explication than in a real usage. So, imagine all of the pixels of your screen as a homogenous whole. But once you access a password creation section you can virtually divide the screen to the shapes, sizes and numbers of "cells" you want. Then, you get to decide whether you want to use the lines or cell space for creating your password. So, if you have a grid and decide to simply tap the fields in the order you decide, it's still good because you lessen the chance of somebody knowing the layout you chose. (Pic 1) Also, if your grid is easy enough, or if you are quite self-confident, you can choose the screen to appear blank before you, without the grid with only a "type your passcode" message so you tap the screen within the places of the cells you created.


Another option is to choose to tap the lines of your chosen layout in the direction you choose, so this version additionally diminishes the chances of somebody cracking it. (Pic 2) Also, it is user friendly enough, since the basic concept of choosing the connecting order of 9 dots exists on many models now.


Also, for both types: The software will work like vectors in Adobe Illustrator, which means: every line you draw, be it a straight line or a curve (e.g. for a circle) will automatically be made straight and neat. In any case, both lines and cells occupy a certain and exact place on your screen, so like I said, if by any chance you happen to remember the exact spots and don't need a grid displayed, you are somewhat of a mini-savant hacker yourself. B-)
This is a very impromptu idea, but I guess it's actually easy and user-friendly enough, so I am open for suggestions for its enhancement. :)
Povilas S a year ago
So this is basically an updated version of what already exists as a password alternative on most smartphones, giving some more freedom to create and adjust things yourself :)
Anja M a year ago
Povilas S Yes, that is correct. I think we occasionally easily dismiss these rather simple solutions, but in fact a bit of an update could make them even more difficult for cracking than it seems.
Shubhankar Kulkarni a year ago
I like the idea (if I have understood it correctly; I could not read the text in the images). I get the first part. In the second one, you intend to draw lines to divide the screen into irregular shapes? So, is the password drawing the lines or tapping the shapes made by the lines in a specific order? In any case, it is a good idea. The only disadvantage I see is remembering the order or the pattern.

Use fingerprint combinations

Juran Oct 31, 2020
The idea is to use not only one reading of the fingerprint but a few. That adds a new security dimension: hackers must hack not only one fingerprint but more of them. Even better, they need to hack it in the right order.
Advantages:
  1. As mentioned above, fingerprints are unique to an individual
  2. More fingerprints are harder to hack than one
  3. Creating unique fingerprint combinations
Disadvantages:
  1. Combinations are also forgettable if too long
  2. Problems when our fingerprint changes due to injury

Face recognition with blink patterns

Juran Oct 31, 2020
This one is very challenging and abstract, but cool.

Advantages:
  1. Added security
Disadvantages:
  1. Could be slow
  2. Blink patterns can be forgotten

Physical keys

Spook Louw Apr 21, 2021
I think fingerprint recognition is a great security measure, hard to replicate, always on you and the technology seems to be sufficient.

If, however, the material being accessed is extremely sensitive or more than one person needs regular access to it, physical keys seem like a good option.

It could be coded to match a specific code that unlocks the device and the only way to access the material would be to have one of these "keys" near the device.

There are obvious drawbacks:
1. Keys get stolen, misplaced or forgotten
2. It's another physical object you have to carry along with you. (Unless you get the key implanted somewhere on your body)

The main advantage it has over fingerprint recognition systems is that you could give it to someone else to use when needed, but unlike a password, they won't be able to use it again later.

The main advantage it has over passwords is that it doesn't need to be remembered and can't be hacked or guessed.

Overall I think it's all dependent on the material being protected.

Shubhankar Kulkarni 6 months ago
You can get the key tattooed if you want to. That way it stays on your body. The scanner will detect the ink and the pattern. So, anyone with a photo of your key will not get access. The person will have to tattoo it.

What are the disadvantages of using finger impressions?

Shubhankar Kulkarni Oct 30, 2020
I mean using the 3D surface of the thumb (the impression) rather than the 2D print that it makes.

Advantages:
  1. Fingerprints are unique to an individual
  2. Although the print can be copied, the impression is tough to imitate.
  3. We have sensors that can detect 3D surfaces. The same can be used to detect the impressions and then unlock the device.
Disadvantages:
  1. An added hardware that contains the sensor for detection.
Tony Maniaci 8 months ago
Fingerprint recognition is already a highly evolved technology. Current state-of-the-art leans mostly on capacitive touch. This method is inexpensive, compact, easy to implement, and is used widely in security devices. Essentially this is a 2D pattern translated into a coordinate point matrix dataset. Other enhancing technologies are added for higher levels of security: a. Infrared imaging to map underlying bio-structure like circulatory structure. b. 3D image scanning to not only map the ridge surface pattern, but the three-dimensional characteristics of the ridge patterns. c. Life detection, active pulse/circulatory monitoring techniques. d. Advanced haptic or active response mapping.

Other biometric methods have parallel degrees of complexity, speed and cost.

Computing power, response time and memory allocation are the limiting factor in biometrics. Clearly, the more data you gather, the greater the dataset size for a given identity stored. This translates to slower response and greater computing power to resolve an identity. For the casual user, if the identity is not resolved in well under 1 second, there tends to be a high level of frustration from the latency. The typical target is to process and respond to a biometric scan in less than 500 milliseconds (1/2 second).

So, there is a huge trade-off decision when selecting biometric security options. Fast and easy represents low security -or- considerable computing power and memory allocation. High security is therefore far more expensive to manage with higher resolution pattern complexity, and mapping additional sensor capabilities, so it places a burden to process and authenticate very quickly.

Overlapping all of this is the general problem with consistency of the subject’s identity feature set. Fingerprints are obscured by injury and wear, images are altered by makeup, injury or just a bad day after a bender. Sensors are fouled by environmental exposure and handling. In general, the biometric landscape is always highly dynamic and unpredictably changing, making precision detection far more difficult. Better security always results in higher rates of rejection.

In the end, any time the User has the opportunity to dumb-down the sensitivity, they tend to turn the control parameters down to the minimum. The User will always trade off security for convenience. High reject rates due to precision requirements aggravate users. In safe lock technology, we provide a graduated detection precision. In every single case, the client/administrator selects the lowest security setpoint available to accommodate user complaints - without exception.

Our immersive gadget obsession has established that devices work for the convenience of the user and dismiss any security trade-offs. So, we can talk about advancing various forms of biometric security, but in reality, the debate is more about the computing power, memory and how much security you can cram into a 400 millisecond processing burst.

Juran a year ago
I was thinking about the impression (3D fingerprint) a bit and I unfortunately think it is not novel.

Already in 2011 there was a paper suggesting the usage of infrared technology to detect the position of finger veins and fingerprint geometry using near infrared imaging (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3231585/).
Then, if you check the Apple Touch ID technology, it works in a way that it passes a small current through a person's epidermis, recording the fingerprint. It makes mathematical representations of your fingerprint, which improves with usage. It sounds like hardcore 3D-imaging already.
Recently, Apple apparently started working on a new technology that would produce shortwave infrared light and make a fingerprint 3D representation using the reflected light (https://gadgets.ndtv.com/mobiles/news/apple-in-display-infrared-fingerprint-scanner-patent-us-iphone-ipad-touch-face-id-2320521). They describe that that is the usual way how infrared sensor works, but now it will be an in-display feature.

I also commented below that it would be nice to develop a small sonar to detect 3D surface of a fingerprint, but it is already there. There is a paper from 2019 reviewing the ultrasound technology which can already compete with other biometric methods, because of its advantages in the 3D surface detection accuracy (https://pubmed.ncbi.nlm.nih.gov/31137504/).
Also, in the article about infrared fingerprint scanning referenced above, authors also refer to ultrasonic technology that detects ridges and valleys of the fingerprint using sounds and is already present in Samsung Galaxy S10 and S20 series.

So, this (https://www.samsung.com/global/galaxy/what-is/ultrasonic-fingerprint/) is maybe the best representation of your idea about impressions (if I got it right).
Shubhankar Kulkarni a year ago
One password (impression) to unlock them all (apps): Imagine your phone has an impression lock. Once you unlock your phone, all your apps get unlocked and you can use them. There can be a backup password. If someone uses your password and unlocks the phone, they cannot access any of your apps. Apps need the impression to unlock.

Combine face recognition with fingerprints

Juran Oct 31, 2020
I remember movies where people entering secret bunkers needed to scan their eyes, face and palm. This could be something more practical, but still safe enough.

Advantages:
  1. Two highly-personal and secure ways combined result in an extremely hard-to-hack log-in solution
  2. No need to do extra work because
     • we are already looking in the screen direction
     • fingerprint scans are fast and we are used to them
Disadvantages:
  1. Could be slow
Shubhankar Kulkarni a year ago
Face recognition is laden with opportunities to clone. The attributes of humans that leave a memory easily are easy to imitate. What I mean by that is, for example, your face can be remembered by others, they can capture an image using a camera and that is the memory that stays. It can be modified and used to crack your account keys. That is why I thought of impressions. Impressions leave no kind of memories, at least, today. A photo, again today, cannot be that highly resolved to measure the undulations on one's finger. Even if we touch a surface, we leave behind a print but not an impression.
Juran a year ago
Shubhankar Kulkarni I am not sure I understand what you mean by impressions. How would you record an impression?
Shubhankar Kulkarni a year ago
Juran K. Just like an electron microscope recording the surface pattern of a bacterium. Fingers leave a fingerprint since there are undulations on the skin surface. The impression is the data on not just the print pattern but also the surface properties (depth of the trough, breadth of the ridges, size and depth of the pores, etc.) (https://www.google.com/search?q=finger+print+parts&sxsrf=ALeKk03CR4dT-5HakfDYNq4II6l6LsJ0HQ:1604319563776&tbm=isch&source=iu&ictx=1&fir=uK8Aw7UbdK942M%252CTyEWF_QAZPrIzM%252C_&vet=1&usg=AI4_-kQ9VDPdZLySfXhWyK8RtSJ6dvaspw&sa=X&ved=2ahUKEwiV0NGN7OPsAhXq4nMBHTFGAVkQ9QF6BAgIEEU&biw=1517&bih=666#imgrc=uK8Aw7UbdK942M).

There are different techniques that can be used:
https://www.optex-fa.com/products/photo_sensor/bgs/bgs_dl/
https://www.nature.com/articles/srep23551

Use regular "digit passwords" with fingerprint as a character

Juran Oct 31, 2020
Although it is not highly secure, the probability that people will give up regular passwords as a log-in option is not very high. Not all devices (especially the cheap ones) support face or touch recognition. Also, people still tend to believe in their "secret numbers" more than in body parts scans, due to privacy issues. Therefore, it could be wise to combine these two.

Can you imagine the level of security if your password is not anymore just
12345678,
but
1234(fingerprint)5678?!

This way, we could help traditionally-oriented people to bridge the technological gap easier and reduce the number of hacked accounts.


Shubhankar Kulkarni a year ago
I like the idea of adding another dimension (digits, fingerprints, impressions, etc.) to the password. It increases the complexity multi-fold since now we can play around with it - just like you mentioned, there can be a specific order in which you can use the digits and implant voice/ fingerprints/ impressions among the digits. Fingerprints can be imitated more easily than impressions; hence, I am more inclined to add impressions to the password. The only other problem I see using this is remembering the password. Although with multiple dimensions, even easy passwords would be hard to guess; so that is a plus.

What about using "vocal passwords"?

Antonio Carusillo Nov 01, 2020
  1. Text password may be hacked easily in case of "infection" by keyboard trojan viruses which keep track of every character typed by our keyboard (this also includes credit card security details and so on)
  2. Fingerprints may be an alternative but some people are reluctant to give away their fingerprints info. I don't know how they are stored and protected by the services allowing for "fingerprint" based passwords, but in case of any "robbery", they may be used by unauthorised people (hackers)
An alternative could be - as depicted in some movies - to use our voice to record a short sentence to be used as a password. We may imagine a software like this able to recognise specific features of a person's voice. So that the password to be correct doesn't have to match the sentence, but the sentence said in the same way the specific person says it. The password can be randomly generated by the computer and the person has just to read it. This way no chances for a hacker to simply record the voice and play it as the password will have a different sentence each time. So, to be "cracked", the person should be either a very good hacker or a very good voice imitator. This also has the advantage that the voice - at least now - it is not such sensitive information as fingerprints, faces (face unlock systems like in smartphones) or digital passwords are. So people may be more comfortable with sharing their "voice caption" without fearing its misuse.
Shubhankar Kulkarni a year ago
Voice, according to me, is pretty easy to record and copy. You can record while the other person is talking (in person, over the phone, live video-chat) anywhere and everywhere when the person talks. There are AI based tools that can imitate your tone from the lowest number of possible recorded words. So when the system asks you to say a randomly generated key phrase, the machine can, possibly, use your voice and say the phrase. For example, they proclaim that you can clone a voice within 5 seconds using this device (https://medium.com/syncedreview/clone-a-voice-in-five-seconds-with-this-ai-toolbox-f3f116b11281#:~:text=Montreal%2Dbased%20AI%20startup%20Lyrebird,only%20a%20few%20audio%20samples.).

A question bank full of personal questions

Jamila Nov 03, 2020
You create a bank of answers to personal questions:
- What was your place of birth?
- What was the name of the primary school you attended?
- What was the name of the secondary school you attended?
- Where did your parents meet?
- At what time were you born?
- What is your height?
- Where did you meet your partner?
- What’s your middle name?

In this idea, you get presented with five questions and answers, and you have to select which ones are true - as you will be given false answers too. After this, you can enter the passcode and get into your phone.

Advantage
  • It is an added security layer as the question + answer combinations will change every day and are personal to you.
Disadvantages
  • It will be time-consuming to build the question bank initially.
  • Some people might know the answers because people can easily find personal information on the internet, or a close relative/friend might know - To tackle this, maybe the question bank will have more obscure questions.

Passwordless access to your everyday devices

Juran Apr 09, 2021
Here I am not saying that we should not use passwords. I want to emphasize that the world moves on and the keys (physical or virtual) are becoming more advanced.

Let's take for example the unlocking of a car without using a key, called a "hands-free" remote keyless system. It refers to a lock that uses an electronic remote control as a key which is activated by a handheld device or automatically by proximity.

What if we had a remote key chip integrated into our phones, which would be connected to the phone, computer, or other devices that we often use (of course, under our consent)? That way, every time we approach a computer, device, or use the phone, it detects the remote key, and checks for the connection. If the key connects, that would allow a user to use the computer without physically entering the passwords, by having access and knowing the saved passwords.

Of course, the ability could be easily turned off simply by disabling Bluetooth on your mobile device and then you would be required to enter all the passwords the old-fashioned way. Security add-on could be the requirement of a fingerprint scan at the beginning of the connection.

Logging in via a crypto wallet

Darko Savic Aug 19, 2021
Signing into various websites via your crypto wallet is becoming a thing. I predict it will be the norm in the future.

Anyone can create an identity based on cryptography. There is no 3rd party or authority to get approved by. This also means there is no recourse if you lose your crypto keys (seed words). A few popular wallets that are popularly supported for log-in purposes are Myetherwallet and Metamask. There are others too.
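
A challenge-response login of the kind this idea relies on, as an added example that is not part of the original post or any wallet's code: the site issues a one-time message bound to its own domain, the key holder signs it, and the site checks the signature. It uses Ed25519 from Node's crypto module as a stand-in (Ethereum wallets such as Metamask sign with secp256k1 and their own message format); WalletLoginServer, newWallet, the message wording and the domain example.test are assumptions.

```javascript
// Added example: key-based login with a signed, single-use challenge.
const crypto = require('node:crypto');

// Assumption: an account is identified by the SHA-256 of its public key.
function accountIdOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Stand-in for a wallet: the private key never leaves this closure.
function newWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    accountId: accountIdOf(publicKey),
    sign: (message) => crypto.sign(null, Buffer.from(message), privateKey),
  };
}

class WalletLoginServer {
  constructor(domain, ttlMs = 60_000) {
    this.domain = domain;
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce -> { accountId, expires }
  }

  // Issue a message that names this site and carries a fresh random nonce.
  challenge(accountId, now = Date.now()) {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, { accountId, expires: now + this.ttlMs });
    return `${this.domain} wants you to sign in as ${accountId}\nNonce: ${nonce}`;
  }

  verify(message, signature, publicKey, now = Date.now()) {
    const m = /^(.+) wants you to sign in as ([0-9a-f]{64})\nNonce: ([0-9a-f]{32})$/
      .exec(message);
    if (!m || m[1] !== this.domain) return false; // signed for another site
    const entry = this.pending.get(m[3]);
    this.pending.delete(m[3]); // single use, even when a later check fails
    if (!entry || entry.accountId !== m[2] || now > entry.expires) return false;
    if (accountIdOf(publicKey) !== m[2]) return false; // key is not this account
    return crypto.verify(null, Buffer.from(message), publicKey, signature);
  }
}
```

Nothing secret is stored on the server, which is also why, as the post says, there is no recovery path when the key is lost.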

Fingerprint + finger veins (in 3D)

Juran Nov 04, 2020
There is an article describing a possible future biometrics advancement based on infrared and ultrasonic technologies that scan not only the geometrics of a fingerprint (impressions) but also a spatial arrangement of finger veins.

The technologies themselves are not completely novel, but the combination of a 3D fingerprint scanner and a 3D vein scanner was not used before. Finger vein scanners worked in 2D, but the 3D spatial arrangement could make it almost unhackable, because not only do you have a password that contains the info about something "invisible", but it is combining two really strong technologies into an unbreakable duo.

[1] https://www.gizmochina.com/2020/09/30/smartphones-new-3d-biometric-scan-finger-veins/



General comments

Shubhankar Kulkarni a year ago
I initially thought of quick blood (DNA) test, but:
1. It is hard to make it "quick".
2. I remembered a scene from the movie GATTACA where they attach a small blood bag from a different source under a fake thumb skin. The blood from that bag gets tested instead of the person who is wearing the fake skin. So there is already a way around it.
Also, acquiring someone else's blood is easier given the growing number of blood tests we do and also due to blood donation.
Shubhankar Kulkarni a year ago
1. The same goes for retinal scanners. Lenses can be used to mimic other's retina.
2. Face? - We all know how easily that can be changed.
Martina Pesce a year ago
Shubhankar Kulkarni you literally wrote what I was thinking! 😂
Shubhankar Kulkarni a year ago
Martina Pesce DNA is the most personal you can get. 😁 I started from that and then went downward.
Povilas S a year ago
Shubhankar Kulkarni The ultimate conclusion - everything can be hacked and there's no way around it :D There's another movie "Minority Report" where the protagonist transplanted his eyes for the same reason. That's about as hardcore as you can get :D