Could Color Wheels Make for Easier, More Secure Passwords?




The password as we know it is in critical condition. These days, with big-name security breaches popping up seemingly as often as Justin Bieber scandals, we’ve had to try to find new ways to secure our online identities. One finger in the dike has been the “strong” password, or the practice of sprinkling numbers, symbols and capital letters into our codes. If “spike” could be guessed with a simple brute force attack, perhaps “Sp1ke!” leaves us a bit safer.


Of course, strong passwords have the same inherent problems as all passwords. As WIRED writer Mat Honan, himself the victim of a devastating hack, evocatively put it, they’re a “Band-Aid that’s now being washed away in a river of blood.” Still, in the here and now, there’s another problem with these so-called strong passwords, according to design student Renee Verhoeven. It’s something much simpler. “People can’t remember them,” she says.


That’s precisely what she tried to tackle with “ID Protocol,” her graduation project at the Royal College of Arts in London. For the project, Verhoeven created a conceptual series of password tools that scrap letters and numbers in favor of personal, mnemonic codes. Mnemonic memory devices have been around in some form or another since the ancient Greeks, and include basic everyday memory tricks like acronyms and rhymes. Teachers love them: Remember committing My Very Educated Mother Just Served Us Nine Pizzas to memory, to remember the order of the planets?


Verhoeven did some homework on mnemonic memory, and found that there are three main pillars: “Movement, because muscle memory is a really personal memory, because you can’t steal it and it’s based on training,” she says. “The second group is synesthesia, so I looked at studies in differences in perception and memory, and interpreting a code as a texture or a sound. The last is based on making a story. One of the most common existing mnemonics is making a story out of existing words.”


[Image: All passes. Renee Verhoeven]



ID Protocol taps all of them. It’s just a concept for now, but here’s how it works: A user gets to select one of the ID Protocol passes. The card-like device plugs into a computer with a USB stick. On the user’s end, there’s a physical interface that can be reconfigured in nearly infinite ways. Verhoeven created several passes that use different sensory cues, so some are based on color recognition, others on storytelling, and others on pattern-making and muscle memory. Rather than choose a jumbled chain of letters, for instance, users could use a color wheel to create a three-hue pattern, like a more visual combination lock. Or they could arrange a little cast of figurines to tell a story. The software used to unlock a computer would go unchanged; the only difference is on the user’s end.


We’ve started to see advances in password design. On mobile, Android uses a form of muscle memory by asking users to draw a pattern for their PIN. The iPhone 5 needs a fingerprint to unlock its screen. Two-factor authentication adds a heavy layer of security by confirming your identity through a second device.


These come with their own problems. PINs are easy to guess if you use birthdays or simple patterns as a code (plus, it looks like Google Glass wearers can sneakily steal them from several feet away). And while less prone to theft, Verhoeven points out that biometric security systems don’t allow users to get new passwords. The crux of ID Protocol is giving some agency back to the user. Though you could say they’re a bit fanciful, it can’t hurt to look at ways we might humanize passwords and security going forward.


Verhoeven started thinking critically about passwords after she taught herself how to pick a padlock. It was surprisingly easy to do. Shortly after that, she entered the Future of Money Design Award competition and handed in a concept that imagines a world where our online identity, not money, determines our value in society. The work got her thinking about the many expressions of our online selves: “The way we access our identity is with a password,” she says. “I want people to choose their own system. Companies decide for you that you have to use their log in. Maybe you prefer color, maybe you prefer sound, or gesture, but I really hope [companies] realize there’s an alternative way to logging in.”


