A newly proposed app based on the strengths of human memory has undergone initial testing and has been shown to improve both password memory and security compared with present methods of password recognition.
The basis of the new system is the human ability to recognize faces even in photographs of extremely low quality. Facial recognition has been documented as an extremely reliable human characteristic. The basis for computer security is the almost infinite number of photos of individuals available. The system has been named Facelock.
The user selects a total of nine photos. The photographs can be of friends, family, a favorite musician, a historical figure, or any person. The logic is simple: the user has to remember only one face of the nine. The user enters their password by touching the predefined photo. The durability of the system is inherent in the human mind’s ability to recall faces accurately over time. This structure eliminates the need for more complex passwords as internet thieves become more adept at manipulating software.
The initial tests of the Facelock system show that users had a 99.7 percent level of memory of the password photo. Memory declined by nine percent if the user did not use the photographic password for a year. The success rate of a hacker who did not know the user was about one percent. People who knew the user could hack the password about seven percent of the time. Additional security can be provided by using multiple photographs of the same person. This option reduced hacker success to two percent.
The system is still in a prototype phase. The developers expect the photo password security tool to be available as an app within six months to a year. The study results suggest that the new system could be applied to any password-protected system.
Another way to protect passwords is to implement single sign-on technology. The technology is based on SAML and is therefore highly secure. Apart from the security point of view, single sign-on simplifies the user authentication process. It provides seamless authentication by permitting users to enter a single username and password to log in to multiple web services and applications of the same organization.