Memorising random strings of letters, numbers and symbols seems like an inevitable nuisance of internet life, but new devices currently under development could ease the burden by rendering passwords a thing of the past.
The devices – which consist either of multiple, physical keys or ‘biometric’ sensors – aim to improve digital security without relying on people to remember passwords at all.
Currently, experts in internet security recommend that every password ought to be a long, unguessable string of letters, numbers and symbols. But since most users need to remember dozens of unique passwords – for everything from internet banking to email and online shops – that recommendation can seem rather optimistic.
Dr Frank Stajano at the University of Cambridge in the UK thinks it is no surprise that people end up using the same passwords for multiple accounts, or writing passwords down on sticky notes, thus undermining their security. ‘I want to relieve the impossible burden that passwords impose on human beings,’ he said.
Backed by a grant from the EU’s European Research Council, Dr Stajano has come up with a small device he calls Pico, which works a bit like an electronic fob. Instead of typing a password into a box, you simply show the Pico to the computer, and a wireless interaction provides the authentication.
It’s not quite that simple, because there is the risk that someone can steal your Pico. That is why Pico comes with several ‘Picosiblings’ – much smaller devices that you can wear, perhaps hidden inside your wallet or shoe.
To provide authentication with a computer, website or other system, the main Pico must detect the presence of several Picosiblings. You could configure Pico to require the detection of more or fewer siblings, depending on how security conscious you are, says Dr Stajano.
To be compatible with secure websites, Pico currently requires an application, called Lens, to be installed in the web browser. The Pico Lens translates the authentication signal coming from the main Pico device into a regular password – albeit one that is so long as to be virtually uncrackable – that the website can recognise.
The most common passwords in 2014 were '123456', 'password' and '12345', according to SplashData, which compiles an annual list of the worst offenders.
Weak passwords like these leave people open to online fraud, and 7% of EU citizens surveyed in 2014 said they had experienced or been the victim of identity theft.
While passwords are one side of the battle in cybersafety, the EU is also working on making sure that Member States and organisations ensure that their digital environment is secure and trustworthy, as part of the Digital Agenda.
In the next phase, however, Dr Stajano is developing code equivalent to Lens that is installed not in a user’s computer, but in the website itself. He says he has an agreement with a website that has millions of real users to test out this version of Pico.
‘We are actively seeking out users who are interested in the technology for its benefits, not just lab rats who will try it because we gave them ten pounds,’ he said.
Dr Stajano is sceptical of one burgeoning area of computer security – the use of biometric sensors, such as those for fingerprints. Unlike passwords, biometric information is personal to the user and cannot be changed, he says, and should not be shared thoughtlessly – for instance, by providing it to different websites.
Dr João Silva, a computer scientist at the Institute for Systems and Computer Engineering, Research and Development (INESC-ID) in Lisbon, Portugal, agrees that biometric information is problematic. But he believes it can still be put to good use in digital security – so long as it doesn’t leave the user’s hands.
Supported by over EUR 3 million from the European Commission, Dr Silva and his colleagues are developing a device that looks like a smartphone case – a ‘Personalised Centralized Authentication System’, or PCAS.
Unlike a normal case, however, PCAS contains several biometric sensors: a camera on the front for face recognition; a camera on the side for palm-print recognition; and a motion sensor which recognises a user based on the unique way he or she moves the smartphone around.
By recognising a user’s face, palm print and motion signals, PCAS might one day be able to unlock computers, websites and smartphone apps. In the short term, however, Dr Silva has a more specific goal in mind: the storage and transfer of highly personal data, like medical records and bank details.
PCAS has its own memory and processor, which means the biometric information used to unlock it never leaves the device, even when authenticating the user to remote services. This should put at ease those who are concerned about governments or private companies storing private data, says Dr Silva.
Having personal data close at hand might also empower the user, he says. In some countries, personal data like medical records cannot be transferred between institutions without filling out lengthy forms. PCAS opens up the possibility of the user transferring the data themselves.
But what if someone attempts to steal the data, for example by coercion? Stay calm: a second hand gesture, defined by the user, can secretly alert PCAS’s service provider to illicit activity.
Like Dr Stajano, Dr Silva wants his hi-tech smartphone case to eliminate the need for passwords, which he believes are a growing problem. ‘People reuse passwords,’ he said. ‘People don’t like to memorise.’