DARPA seeks to free the world from passwords | ExtremeTech

Trying to remember complicated “secure” passwords may be a thing of the past if the Defense Advanced Research Projects Agency (DARPA) gets its way. The research arm of the US military is putting a call out to developers to begin work on software applications that will allow a computer system to identify a user by analyzing the way they type, instead of using the traditional password method. It is a novel idea with roots in the era when Morse code was the de facto standard for communications across the world.

In the early twentieth century, experienced Morse operators had distinctive traits to their signaling, called their “fist,” that would help to confirm their identities to people familiar with their style (i.e. Allied or German forces trying to crack radio communications). Think of it as handwriting identification for sounds. For example, an operator could by habit elongate an individual character or word, or hang for a certain amount of time between words. Just like your middle school teacher could tell when you forged a note from home, Morse operators could tell when a message was coming from a person they usually dealt with or from a new person in the loop. This was also used to rate an operator’s transmitting skill. If they had clean messages that were easy to copy, they were called a “Good Fist,” but if they transmitted poorly and made life hard on the receiving operator, they received the label “Bad Fist.” DARPA is looking for a similar identification method for computers; it wants terminals to be able to identify your fist and use that as a pass phrase rather than having you create insecure passwords that are easy to remember.

The idea rests on the study of something called “keyboard dynamics.” Researchers at Carnegie Mellon University have observed people’s typing habits, and have identified that the methods of motion we have developed are not controlled by deliberate thought, but through learned motor controls. Their studies conclude that a potential hacker or thief would have a difficult time cracking and emulating your typing style, and that this style would be more than capable of providing secure access to sensitive services.

The problem with passwords in this age of high connectivity is that phrases that are considered secure are usually very hard for a person to remember. “6tFcVbNh^TfCvBn” is an example of a password that passes DARPA’s security check, but would be a nightmare to try to commit to memory. This leads users to either create simple combinations of numbers and letters that are significant to their lives, or to put the complicated passwords on paper. Of course, both methods are incredibly insecure, but add in the fact that the average user uses the same password for everything (you do have unique passwords for all your services, right?) and you have a security nightmare on your hands.

While I am all for creating a way that I don’t have to remember every single password for all the services I use, I am a bit skeptical about how long this method will actually stay secure. In my experience, there isn’t a security scheme in the world that hasn’t been cracked or duped in some way. Take for example the famous LifeLock case, where the CEO put his Social Security number on billboards around the US, claiming that no one could steal his identity. It took about two months for several individuals around the internet to crack and harass the man with junk mail, credit card applications, and Viagra samples. My question is how would this identification system stand up to a simple keylogger? It’s pretty simple to be able to record keystroke timings over a long period of time for analysis then emulation, so what kind of security would be applied in conjunction to make sure that it’s you and not some other punk trying to get your info?

A password perhaps?
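The keystroke-timing check described above, and the keylogger question raised about it, as an added example (not code from DARPA, Carnegie Mellon or ExtremeTech). The dwell/flight features, the scaled Manhattan distance, the threshold and every timing value are assumptions constructed for illustration.

```python
from statistics import mean

def make_events(text, dwells, flights):
    """Build (key, press_ms, release_ms) tuples from hold and gap times."""
    events, t = [], 0
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwells[i]))
        if i < len(flights):
            t += dwells[i] + flights[i]
    return events

def features(events):
    """Dwell time per key, then flight time (release -> next press)."""
    dwell = [r - p for _, p, r in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Template: per-feature mean and mean absolute deviation (MAD)."""
    template = []
    for column in zip(*(features(s) for s in samples)):
        m = mean(column)
        mad = mean(abs(x - m) for x in column) or 1.0  # avoid divide-by-zero
        template.append((m, mad))
    return template

def score(template, events):
    """Scaled Manhattan distance averaged per feature; lower is closer."""
    return mean(abs(x - m) / mad for x, (m, mad) in zip(features(events), template))

def verify(template, events, threshold=2.0):
    return score(template, events) <= threshold

# Constructed timings (ms) for one user typing "darpa" three times.
OWNER_SAMPLES = [
    make_events("darpa", [95, 80, 110, 85, 100], [60, 140, 55, 120]),
    make_events("darpa", [100, 85, 105, 90, 95], [65, 130, 60, 125]),
    make_events("darpa", [90, 75, 115, 80, 105], [55, 150, 50, 115]),
]
TEMPLATE = enroll(OWNER_SAMPLES)
GENUINE = make_events("darpa", [97, 83, 108, 88, 98], [62, 136, 58, 118])
IMPOSTOR = make_events("darpa", [130, 120, 70, 140, 60], [200, 40, 180, 30])
RECORDED = OWNER_SAMPLES[1]  # timings captured earlier and replayed verbatim

if __name__ == "__main__":
    for name, attempt in [("genuine", GENUINE), ("impostor", IMPOSTOR),
                          ("recorded", RECORDED)]:
        print(name, round(score(TEMPLATE, attempt), 2), verify(TEMPLATE, attempt))
```

The same text typed with a different rhythm is rejected, but timings recorded from the real user score inside the threshold, which is why the check needs a second factor or a protected input path alongside it.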

Read more at The New York Times or DARPA

via DARPA seeks to free the world from passwords | ExtremeTech.

Hacked and Hijacked! How to Save Data if Your Portable Device Is Stolen

Symptom:

You reach into your pocket or bag, and, well, it’s empty!

Diagnosis:

Beyond the understandable distress of losing a pricey smartphone, laptop or tablet PC, the real trauma is the sudden and unfettered access afforded to the slippery-fingered jerk who took it. The cost of a new laptop is meager compared to the personal and even financial havoc that a motivated thief can wreak with the data stored on a typical portable device.

While a laptop is obviously the holy grail of data, consider all the apps you’ve installed on a smartphone or tablet that auto-login at the poke of a finger: e-mail, Facebook, Twitter, texts, address book, photos, videos, et cetera. And don’t forget the passwords and account numbers for bank accounts and credit cards — not to mention any business-related data you may lose if it’s a company device.

via Hacked and Hijacked! How to Save Data if Your Portable Device Is Stolen.

Global Spam Volume on the Decline, Report Shows

Hey, here’s some good news: it looks like spam is on the decline. According to Symantec’s latest State of Spam and Phishing report, the volume of spam and junk mail in circulation around the world has been decreasing steadily since August, and dropped noticeably around Christmas. No one has a concrete explanation for the drop-off, but Symantec’s Eric Park suggests that the demise of major botnets may have played a role.

The notorious Rustock botnet, for example, virtually disappeared after December 25th. Once the most powerful botnet in all the land, Rustock now accounts for less than 0.5 percent of all the world’s spam. Two other big-time botnets, the Lethic and the Xarvester, have also gone mysteriously quiet in recent weeks. So, why did these botnets suddenly stop spamming? No one knows. But, until they start up again, we should all enjoy our (relatively) clean inboxes while we can.

via Global Spam Volume on the Decline, Report Shows.
