Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Move Over ‘123456’: Passwords Go High-Tech Too

HANOVER – Internet users may before long have a secure solution to the modern plague of passwords, in which they can use visual patterns or even their own body parts to identify themselves.

HANOVER – Internet users may before long have a secure solution to the modern plague of passwords, in which they can use visual patterns or even their own body parts to identify themselves.

Developers at the world’s biggest high-tech fair, CeBIT, say that one of the biggest frustrations of having a smartphone and a computer is memorizing dozens of sufficiently airtight passwords for all their devices and accounts.

“The problem of passwords is that they are very weak, they are always getting hacked, and also from a user point of view, they are too complicated, everybody has 20, 30, 60 passwords,” said Steven Hope, managing director of Winfrasoft from Britain, the fair’s guest country this year.

“They all have to be different, no one can remember them, so everybody writes them down or resets them every time they log in. They don’t work in the real world today.”

Passwords have proliferated so much that it’s a daily struggle for users to cope with so many of them.

And as millions of Internet users have learned the hard way, no password is safe when hackers can net them en masse from banks, email services, retailers or social media websites that fail to fully protect their servers.

Many simply throw in the towel and use no-brainer codes like “123456” and “password” — which are still the most common despite how easily they can be cracked, CeBIT spokesman Hartwig von Sass said at the event in the northern German city of Hanover.

In response to the vulnerabilities and hassles of the antiquated username-and-password formula, Winfrasoft has developed an alternative based on a four-color grid with numbers inside that resembles a Sudoku puzzle.

Users select a pattern on the grid as their “password” and because the numbers inside the boxes change once per minute, the code changes too, making it far harder to hack.

“There is no way anybody could see which numbers you are looking at. You see typing numbers but you don’t know what the pattern is because each number is here six times,” Hope said during a demonstration.

Backup from body parts

Biometric data offers another alternative to seas of numbers, letters and symbols.

US giant Apple has already equipped its latest generation iPhone with a fingerprint reader to boost its security profile.

But a group of European hackers, the Hamburg-based Chaos Computer Club, demonstrated that the system could be pirated using a sophisticated “fake” fingerprint made of latex.

Japan’s Fujitsu turned to the other end of the hand and has developed an identification system based on each person’s unique vein pattern.

At its CeBIT stand, the company was showing off its PalmSecure technology on its new ultra-light laptop computer which has a small sensor built in.

Meanwhile Swiss firm KeyLemon has developed a face recognition system using a webcam.

The computer registers parts of the face, “the eyes, the eyebrows, the shape of your nose, your cheekbones, the chin…” a company spokesman said.

The person must then only sit in front of the screen to be recognized and gain access to the computer.

The system, already used by some three million people according to the company, still has a few kinks however so users must remember to take off their eyeglasses, for example, or have consistent lighting in order to pass the identity test.

“Face recognition and fingerprint recognition are additional safety security features, they will never have only face recognition or fingerprint recognition” but rather use them as a crucial backup to passwords, he said.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...