The perfect password?
This article caught my eye today: GPUs democratize brute force password hacking. Let me start off by saying that I’m not an expert in cryptography, or online security. But that didn’t stop me from having an idea…
For the average person who lives their life “online“, proper password management is one of those things that fall into the “Never skip breakfast” category. You know you’re supposed to listen, but you rarely pay attention. It’s a hassle more than anything else. Sometimes the number of email messages in my inbox that start with “You have requested to reset your password…” outnumbers all others. Equally abundant is the number of applications out there that promise to handle all of your passwords so that you never have to. To my knowledge, not a single one of them has caught on (probably for fear that you might forget the password to that all-encompassing app one day).

Hollywood and hardware alike have long promised highly advanced, incredibly slick looking ways of securing access to data. Everything from retinal scanners and voice-print identification to facial recognition software has been touted as the next wave in identity protection. However, aside from appearances in commercial and military applications (and on ThinkGeek), none of these shiny gadgets are in widespread consumer use. Even fingerprint scanners haven’t really blossomed as much as once expected.
So what do you do? How do you find that sweet spot between “Idiot-proof to manage/remember” and “Fort Knox secure?”

Firstly, let’s think about the way we access secure data – email, website content, bank accounts, etc. Successfully doing so usually requires matching one value with another (username/email and a password); a pairing that in theory, is known only to the user. One remains constant and is publicly exposed in most cases (the username), while the other one (the password) changes. Methods for [humans] generating passwords usually involve remembering something unique to the user, combined with some obfuscating characters that make random guessing harder for the would-be password cracker, human or otherwise. The name of your cat using numbers for letters, plus the last four digits of your wife’s birth date. Your childhood nickname plus the number of siblings you had (multiplied by 3). Sounds reasonable, though recent reports show that some users aren’t quite so savvy:
It’s quite a hassle! Considering the number of websites and applications people access on a daily basis, it’s no wonder some people cave and do a 2-finger dance down the number row in order to generate a password that isn’t hard to remember (for the user, or the identity thief.) Well, there is an idea which I’ve always thought could pass the test of being user-friendly and relatively secure (perish the thought). It uses an existing piece of technology – Security Questions – in a slightly different way. Security Questions are usually used to validate the identity of a user that has already entered a correct username/password combination; a “just in case” measure. It’s supposed to be an easily identifiable piece of information which is also unique to the user.

There are LOTS of little bits of information like this, which we constantly keep stored in our heads. A long forgotten (and sometimes hated) nickname, the address of our favourite greasy spoon, the number of days till retirement, and so on. Well, what if passwords were done away with entirely, and the system were to ask us 1, 2, or more of these questions from a pre-set list that you could modify at any time? The system presents you with a random question (in Captcha form if you like), you enter the correct answer(s), and you’re in. On the off chance you get one wrong, you’re given a certain number of alternates. Higher level security systems might require more answers. The benefit of a system like this is that there is no longer a 1:1 relationship between the 2 values used to authenticate a user. It can be 1:2, 1:30, 1:100…or 1:X. The number of possible question-answer pairs is up to the system architect. If they want to get fancy, they could use any number of ways to manage the list of questions and answers. Store them separately and match them using a unique hash, or put them together in a database as an object and match them to the user, for starters.

Every time a user tries to gain access to a system, a different question is asked. Consequently, a different answer must be given depending on what question the system asks. It’s as if you’re carrying around a set of keys and the system prompts you which lock to open. For added security, every time a question-answer pair is added to the list, an attribute of the entire list can be changed (think checksums), which makes previous attempts to crack the entire list useless. This is a lot of work up front for the user, granted. But it pays off… IF the system is designed to be portable. People HATE going through the hassle of setting up passwords for single user accounts, let alone several. So, much like importing bookmarks across browsers, there needs to be a way to shuffle the question/answer list around from app to app. Of course, portability means maintaining standards across the board, and well… we all know how well standards are adhered to on the web.
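To make the scheme above concrete, here is a small added model of it (my own example, not code from this post): a per-user list of question/answer pairs in which answers are stored only as salted hashes, a random question is chosen for each login, a miss is followed by a limited number of alternate questions, and a list-wide attribute changes whenever a pair is added or removed. The class and function names and the sample questions are my own assumptions.

```python
import hashlib
import hmac
import os
import secrets

# Constructed sample pairs for one user; the answer only has to be what the user designated.
SAMPLE_PAIRS = {
    "What city were you born in?": "Monkeytown",
    "What was your childhood nickname?": "Sprocket",
    "Address of your favourite greasy spoon?": "42 Bacon Lane",
}

class QuestionVault:
    def __init__(self, pairs, alternates=2):
        self.entries = {}             # question -> (salt, salted answer hash)
        self.alternates = alternates  # extra questions offered after a miss
        for q, a in pairs.items():
            self.add(q, a)
    @staticmethod
    def _digest(answer, salt):
        # Slow, salted hash: a leaked list does not hand over the plaintext answers.
        return hashlib.pbkdf2_hmac("sha256", answer.strip().encode(), salt, 50_000)
    def _reversion(self):
        # List-wide attribute derived from every stored hash (the post's checksum idea).
        self.version = hashlib.sha256(b"".join(h for _, (_, h) in sorted(self.entries.items()))).digest()
    def add(self, question, answer):
        salt = os.urandom(16)
        self.entries[question] = (salt, self._digest(answer, salt))
        self._reversion()
    def remove(self, question):
        del self.entries[question]
        self._reversion()
    def challenge(self, exclude=()):
        """Pick a random question not already asked in this attempt."""
        pool = [q for q in self.entries if q not in exclude]
        return secrets.choice(pool) if pool else None
    def check(self, question, answer):
        salt, stored = self.entries[question]
        return hmac.compare_digest(stored, self._digest(answer, salt))

def login(vault, answer_fn):
    """One login attempt: a random question, then up to `alternates` others on a miss."""
    asked = []
    for _ in range(1 + vault.alternates):
        q = vault.challenge(exclude=asked)
        if q is None:
            return False
        asked.append(q)
        if vault.check(q, answer_fn(q)):   # answer_fn stands in for the user typing
            return True
    return False
```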
This type of security system is not fool-proof however (I challenge you to find one that is), and it will inevitably come under assault as people ask the following questions:
Q: What happens if someone guesses the answer to your security question?
A: This is no different than someone guessing your password, and only if they happen to be prompted with the appropriate question. Further, they may be able to guess one answer, but can they guess 2, 3, or more?
Q: The list of answers is still vulnerable though! People know that city names are likely the answers to questions like “Where were you born?” What good is that?
A: Simple answers in and of themselves are fairly weak, but it’s up to the user to choose multiple question and answer pairings that are both secure and easy to remember. As well, it’s up to the user to determine the format of the answers. The answer to “What city were you born in?” doesn’t have to be “Toronto.” It could be “That city I was born in”, or “Monkeytown” or “Rigel IV” for that matter. As long as it’s the answer you designated, everything’s fine.
Q: What happens if you don’t want a question in the list any more?
A: … delete it.
The fundamental difference with this concept is that the “lock” isn’t one static thing that can be pored over and studied in an attempt to break it. It constantly changes, and yet remains easy to manage. Another significant difference is that the focus isn’t on making passwords themselves harder to “guess.” Rather, it’s about changing the way we think about passwords in general, and moving away from the traditional “lock-and-key” model, in order to make accessing sensitive data a simpler process without sacrificing security.
It’s entirely possible that I’ll review this in a few months, and file the idea away on a shelf next to my plans for Hamburger Earmuffs and Electric Paperclips. But until that time, I invite your thoughts and opinions.
