Time to Paradigm Shift Passwords by Richard Blech
A paradigm is a theory or a group of ideas about how something should be done, made, or thought about. The term applies exactly to the state of vulnerability that all of us face with the current methodology of alpha-numerical passwords. A recent article from RawStory breaks down the reasons why our easy passwords leave us so exposed to hackers: http://www.rawstory.com/2014/12/the-big-password-mistake-hackers-are-hoping-youll-make/
One of the most prominent security vulnerabilities facing computer users today is user-maintained passwords or keys. The reason I say ‘user-maintained’ is that the present paradigm requires the user to ‘remember’ their key for future use and, unfortunately, the average human brain just doesn’t remember complex patterns all that well.
To address this problem there must be a way to generate and use complex keys that are still simple enough for the average person to remember. What a person can more easily remember are things associated with themselves, such as:
pictures they took or were given
documents they wrote or read
audio recordings they may have made or listened to
movies they may have watched
Given the above list of ‘things’ or resources that a person can associate with, and thus remember in detail, we can use this fact to build a paradigm that uses that memory mnemonic to create cryptographically complex keys.
Imagine if the user were given the ability to indicate ‘hot spots’ on personal imagery, and the system could use that imagery as their key. That technology already exists in gesture-based key systems but, unfortunately, those concepts, although easy to use, are just weak by today’s standards.
Now imagine taking that idea to the next level and focusing not on the simple gestures but on the raw data of the resource underneath each gesture. The same paradigm of ‘hot spot’ indications can be used. In doing so the key becomes highly complex, in that it is no longer just a small sequence of indicators but a far larger set of binary data in the 10s to 100s of kilobytes. Bear in mind that the sequence used to select the ‘hot spots’ or segments is also important, as the key is developed from the raw resource data in the same selection sequence.
Such a complex key can now be used to strongly encrypt data and yet still be easily memorized by the user, since they are using memory mnemonics that are relevant to themselves.
Take this one step further and allow the user to utilize multiple images from multiple sources. You have just increased the complexity of the possible keys exponentially.
Take this another step further and allow the user to utilize ANY type of resource as mentioned earlier: images, documents, audio clips, video clips, etc. Literally any digital resource that can be presented to the user in a usable way can be used to generate such complex yet memorable keys.
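The scheme described above, sketched as an added example (it is not SUBROSA code and not from the original article): raw bytes of the selected segments are concatenated in selection order and stretched into a key, and the last function counts how many ordered selections exist, which is the figure to compare with the size of the key material. The 4 KiB segment size, the PBKDF2 step, the salt, the function names, and the sample resources are all assumptions made for illustration.

```python
import hashlib
import math

SEGMENT = 4096  # assumed segment size in bytes; the article does not give one


def segment_bytes(resource: bytes, index: int) -> bytes:
    """Return the raw bytes under one fixed-size segment ('hot spot')."""
    chunk = resource[index * SEGMENT:(index + 1) * SEGMENT]
    if index < 0 or not chunk:
        raise ValueError(f"segment {index} is outside the resource")
    return chunk


def key_material(resources, selections):
    """Concatenate the selected segments' raw data in selection order."""
    return b"".join(segment_bytes(resources[name], i) for name, i in selections)


def derive_key(resources, selections, salt, length=32):
    """Stretch the material into a fixed-length key (PBKDF2 is an assumption)."""
    material = key_material(resources, selections)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=length)


def selection_space_bits(resources, picks):
    """log2 of the number of ordered selections of `picks` distinct segments."""
    total = sum(math.ceil(len(r) / SEGMENT) for r in resources.values())
    return math.log2(math.perm(total, picks))


# Constructed sample resources: deterministic bytes standing in for a photo
# and an audio clip, 64 segments each.
RESOURCES = {
    "photo": hashlib.shake_256(b"photo").digest(64 * SEGMENT),
    "audio": hashlib.shake_256(b"audio").digest(64 * SEGMENT),
}
PICKS = [("photo", 5), ("audio", 17), ("photo", 40), ("audio", 2)]
SALT = b"constructed-salt"

if __name__ == "__main__":
    print(len(key_material(RESOURCES, PICKS)), "bytes of key material")
    print("key:", derive_key(RESOURCES, PICKS, SALT).hex())
    print("same picks reversed:", derive_key(RESOURCES, PICKS[::-1], SALT).hex())
    bits = selection_space_bits(RESOURCES, len(PICKS))
    print(f"ordered selections: about 2^{bits:.1f}")
```

Four picks produce 16 KiB of key material, and reversing the pick order yields a different key. For this constructed grid of 128 segments, the count of ordered four-segment selections is just under 2^28.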
Such a system of key generation and authentication is:
very simple to use
based on the user
oriented on resources
a segment-driven architecture
Such a system is… SUBROSA©, a Simple, User Based, Resource Oriented, Segmentation Architecture. SUBROSA© is our new patent-pending product that solves this dilemma and serious vulnerability. While the user will only need to remember a few segments of memorable impressions, the potential hacker will only see the long cryptographic key. (Four memorable segments from the user translate to pages of complex keys, like below, to a potential hacker.)
The age of the alpha-numerical password has ended…
See Richard Blech’s other articles on SecureChannels.com