Never mind all of the horrible NSA revelations that have been coming out since this summer; with the recent news that the free, open-source software Hashcat is now able to crack passwords of up to 55 characters in length, security experts are hard at work trying to come up with a method of authentication to replace passwords.
In case anybody needs any further proof of the problems with password-based user authentication (using passwords to uniquely identify users), this story, by Mat Honan, about himself, outlines completely how passwords fall short, and what can happen when they do. In short, Mat had his entire digital life completely erased in a matter of minutes, because he was relying on passwords. Read the full article over here at Wired.
My designed experience project will be to create a complete solution to password-based authentication. As such a complete solution does not exist, I will be creating a completely new product for my ART307 Designed Experience final project. Therefore, I did not have much in the way of content that I could pull from elsewhere online, so I went ahead and created a blueprint and outline of what I intend my product to be.
I present to you my Personal Authentication Camera (PAC) device:
In the above mockup, I outline the complete hardware featured on my device. Details of each component are given below:
The normal + infrared camera will be used to scan the user’s unique iris signature using infrared rays, read the user’s heartbeat (which is also unique to the individual), as well as other key (and unique) facial features. This camera is the bulk of this peripheral, as it will be what is used to uniquely identify each user of the device.
The status indicator light is used to indicate to the user the status of the authentication scan.
The power button turns the device on, which causes it to begin scanning. Press it again to turn the device off, which completely locks all of the accounts the user was logged into, as well as the device the PAC is interfacing with.
The mini-USB port and the device's Bluetooth capabilities are the crux of this peripheral, enabling it to be used with practically any device that has a USB port or uses Bluetooth. This extends your secure authentication access to not just your computer, but to your smartphone, your tablet, your ATM, and whatever else you can think of!
The device runs on a built-in, rechargeable lithium-ion battery. A mini-USB charger (included with purchase) is used to charge this device.
With this device, I present a complete solution to the problem that is passwords and password-based authentication. This solution can be implemented into a wide range of devices thanks to its USB and Bluetooth connection options, which makes it helpful to nearly all users of today’s technology, without forcing them to buy all new hardware just to protect their digital identities.
Research and other relevant links:
- Anything from https://xato.net/
- (Most) anything from http://www.reddit.com/r/Passwords/
- Password facts: http://www.freeauth.org/passwords
- http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
- http://www.macworld.com/article/2014039/what-you-don-t-know-about-passwords-might-hurt-you.html
- http://techland.time.com/2013/08/08/google-reveals-the-10-worst-password-ideas/
- http://www.theregister.co.uk/2012/07/20/password_reuse_survey
- http://www.socialable.co.uk/wp-content/uploads/2012/06/password-protection-infographic1.jpg
- http://www.graphs.net/wp-content/plugins/php-image-cache/image.php?path=/wp-content/uploads/2013/02/Facts-about-Passwords-160.png
- http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/
- http://news.discovery.com/videos/passwords-suck-new-tech-provides-better-security.htm
- http://mashable.com/2013/09/03/heartbeat-password/
Update (10/21/13): updated device’s name to most recent codename: PAC.