Blogs & Comment

A world without passwords? Yes, please

A new military tech aims to eliminate passwords entirely and have the computer do its recognition work in the background.

Here’s a quick question: how many passwords do you have? Probably a lot. A study five years ago by Microsoft found the average Internet user had about 6.5, maintained 25 accounts that require them and typed in about eight per day. With the rise of social media since then, those numbers have probably all gone up.

At the same time, unless you’ve got Rain Man-like skills with numbers, your passwords probably aren’t all that secure. If, like me, you use the same password for a bunch of different accounts, you’re probably setting yourself up to get hacked (I’m just too forgetful to even try to remember multiple passwords).

Fortunately, the military is on it. The Defense Advanced Research Projects Agency—the same people who brought us the internet—has a program called Active Authentication that seeks to give computers the ability to identify their users. The idea is to eliminate passwords entirely, to the point where the computer does its recognition work in the background. All the user has to do is sit down and get to work.

This can be accomplished by outfitting computers with an array of biometric tools and sensors, according to program director Richard Guidorizzi. A computer could identify its user, for example, by scanning a combination of his or her fingerprint, their pattern of mouse usage and even writing style. By incorporating such biometrics, the computer could effectively build a “cognitive fingerprint” of users that would be much more effective—and natural—than remembering a whole slew of complicated passwords.

Here’s Guidorizzi explaining the idea:

It sounds wacky, but that’s DARPA’s specialty. It wasn’t so long ago that the agency was experimenting with a certain voice-recognition tool, which is now popping up all over the place.