Imagine a whole new type of password -- one that lets you dispense with all those numbers, letters and symbols, but is still impenetrable to attackers.
Researchers at Britain's University of York and the University of Glasgow have created a new password system that could one day allow users to access their bank accounts, their phones or their favorite websites simply by picking out a familiar face from a grid of nine faces, four times in a row.
They call the system Facelock, and according to a new study published in the journal Peer J, it is teeming with benefits. Most impressively, users were able to log into a test system using Facelock after not using it for an entire year. Imagine remembering a traditional, complex password for that long!
Facelock is not the first password system to experiment with graphical elements. A system called Passfaces requires a user to pick out a photo of someone they know from a grid of faces. But Facelock has an important difference. The images in the Facelock system are always changing -- even the image of the familiar face.
The research team explains that people do not recognize all faces equally. We have no trouble identifying a familiar face across a series of different images that range in quality. On the other hand, when a face is not familiar to us, we are likely to think that different images of the same person are actually images of different people.
This well-studied psychological phenomenon can be frustrating to police when they ask a witness to identify a person caught in a fuzzy security camera tape, but in the case of Facelock, the researchers were able to exploit it for the good of frustrated password users. They proposed that even if a nefarious "shoulder surfer," who was spying over a user's shoulder when that user selected a familiar face, would have trouble picking out the same person in a different image.
To test this hypothesis, they asked 120 volunteers to come up with between four and 10 different people whose faces would be familiar to them, but not to most people. Specifically, the researchers asked participants to come up with a "Z-list celebrity" -- someone for whom there would definitely be pictures on Google Images, but who was only known to a narrow group of people. Perhaps a famous skier, or a well-regarded cello player.
After the Z-list celebrity had been selected, the volunteers were asked to log into a website using the Facelock system. The idea was that one face in each of four grids would be familiar to the volunteer, but none of the faces would be familiar to an attacker. One week after having selected their familiar faces, 97.5% of participants had no problem logging on. One year later, 86.1% of participants were still able to choose their Z-list celebrity's face, no problem. (continued...)
© 2014 Los Angeles Times (CA) under contract with NewsEdge. All rights reserved.
Posted: 2014-06-30 @ 10:47pm PT
It appears that you reported about the re-invented wheel. The same technology has been around for more than several years in a much more sophisticated way as shown in the following videos.