Researchers say that commonly shared terms are the most powerful and hack-proof passwords
Everyone has a password problem. No matter how many times we are asked to make our PINs more secure, millions of our accounts are still hacked every year. The most common passwords that were intentionally used last year were obvious: "123456," "password," and "12345". There must be a better way to secure passwords.
Just imagine: you are logging in to check your email account and suddenly you are prompted with a personal question like, "What new song did you download yesterday?" or "Who was the first person to text you this morning?"
Researchers believe that this kind of personal and rather unpleasant validation process could be the future of passwords. According to research trials, secrets shared only between a user and his or her devices, like private Facebook activity or web browsing habits, were converted into very successful passwords.
Romit Roy Choudhury, an associate professor at the University of Illinois at Urbana-Champaign, who has co-written a paper on this topic, told MIT Technology Review that "Whenever there's something you and your phone share and no one else knows, that's a secret, and that can be used as a key."
The "ActivPass" project had researchers from Urbana-Champaign, the Indian Institute of Technology Kharagpur, and the University of Texas at Austin design an app to mine subjects' smartphone activity, along with an algorithm to recognize good sources for questions. They found that, to serve as a satisfactory password prompt, an event has to be unusual enough to jog the user's memory, and that such memories are very short-lived.
The success rate for recalling activities that happened one day earlier was about 90 percent. However, the rate dropped quickly to less than 60 percent after about four days. This means password prompts would need to be tied to very recent activity, for example the song you downloaded last night, to have any chance of being successful.
We are also extremely bad at recollecting our own browsing history. "Several users were not able to recall whether they browsed a 'lsbf.org.uk' website," the study says. "But immediately responded positively when asked if they visited the 'London School of Business' site. As a result, webpage titles and descriptors are needed."
What about safety? What are the chances of someone guessing the right answer? The queries would need to concern clearly defined, private behavior that is not connected to the user's public Facebook profile. The researchers write that "several 'friends' were able to predict, say, that a student of MIT was visiting an alumni group of MIT Robotics."
The study showed that socially based questions worked efficiently as password prompts: the users responded to three questions correctly 95 percent of the time. On the other hand, and somewhat reassuringly, they were able to answer queries regarding other people only 6 percent of the time.
Choudhury and his team are currently in talks with several companies, including Yahoo and Intel, as told to MIT Technology Review.