
DARPA Wants To Get Rid of Password Protection

coondoggie writes "Researchers from the Defense Advanced Research Projects Agency will next week detail a new program it hopes will develop technology to dramatically change computer system security authorization. The program, called Active Authentication, looks to develop technology that goes way beyond today's use of hard to remember password protection and determine identity through 'use of software applications that can determine identity through the activities the user normally performs,' DARPA said."
This discussion has been archived. No new comments can be posted.

  • Re:Obligatory XKCD (Score:4, Insightful)

    by moderatorrater ( 1095745 ) on Friday November 11, 2011 @02:28AM (#38020334)
    That's assuming random distribution among the 3000 most common words. How non-randomly distributed the real world usage becomes is basically the entire strength of the scheme. A 9 character password should be strong by the pure math. In the real world, it's probably "password1" and will get cracked within 10 tries.
  • by MacTO ( 1161105 ) on Friday November 11, 2011 @02:53AM (#38020438)

    Memories (or notes) don't change radically. Ditto for biometrics. Yet behaviours do change, as soon as a person's priorities change. It may not happen often and there is probably a transition period, but I would be lying if I claimed that I am the same person I was a year ago.

    For a group concerned about military security, like DARPA, denying access based upon behavioural changes may be appropriate. After all, it may demonstrate bribery or blackmail or some other change of heart. But for everyday transactions it is inappropriate. After all, would you want to be denied access to your money because you went from a greedy SOB to a charitable person (or vice versa)?

  • Re:Obligatory XKCD (Score:5, Insightful)

    by RajivSLK ( 398494 ) on Friday November 11, 2011 @04:32AM (#38020886)
    You are misinterpreting the idea. The password is not stronger simply because it's longer. It's stronger because there are many more common words than there are letters in the alphabet. Think of each word in the password as a single letter. However, instead of the alphabet being 26 letters (or 62 if you include upper and lowercase and numbers) the alphabet is 2048 letters long. Then picking a 4 "letter" password gives you 2^44 bits of entropy. A completely random 8 letter alphanumeric password would give ~47 bits. If someone sees a couple of letters from a four word password and can somehow deduce from that an entire word (for argument's sake) you still have 2^33 bits of entropy. If somebody sees two characters from your 8 character randomly generated password you have only ~2^31 bits of entropy left. If you really must have random passwords it's really not a bad idea to at least tack on a single word to the end of your password just for the fun of it. Jg9D2js7 = 47 bits of entropy; Jg9D2js7cricket = 58 bits of entropy, and in the real world probably much harder to guess than four dictionary words because it doesn't follow one scheme or the other; it's a mix of the two.
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Friday November 11, 2011 @06:49AM (#38021390)
    Comment removed based on user account deletion
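
The two points argued in the comments above (uniform word choice from a 2048-word list versus non-random real-world choice), worked through as an added example that is not code from any commenter or from DARPA. The Zipf-style weighting is a constructed assumption standing in for human word preference, not measured data.

```python
import math

def uniform_bits(alphabet_size, length):
    """Entropy in bits of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)

def zipf_weights(n, s=1.0):
    """Constructed skew (assumption): the word of rank r is picked with weight 1/r**s."""
    raw = [1.0 / (r ** s) for r in range(1, n + 1)]
    total = sum(raw)
    return [w / total for w in raw]

def shannon_bits(probs):
    """Average information per choice under the given distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """-log2 of the likeliest choice: the figure that bounds best-first guessing."""
    return -math.log2(max(probs))

def guess_success(probs, guesses):
    """Chance that guessing the most likely values first hits within `guesses` tries."""
    return sum(sorted(probs, reverse=True)[:guesses])

def compare(words=2048):
    uniform = [1.0 / words] * words
    skewed = zipf_weights(words)
    return {
        # Figures that hold only if every symbol is chosen uniformly at random.
        "four_words_uniform": uniform_bits(words, 4),
        "eight_alnum_uniform": uniform_bits(62, 8),
        "three_words_after_one_leaks": uniform_bits(words, 3),
        # Same 2048-word list, but the user favours common words.
        "per_word_shannon_skewed": shannon_bits(skewed),
        "per_word_min_entropy_skewed": min_entropy_bits(skewed),
        "top10_hit_uniform": guess_success(uniform, 10),
        "top10_hit_skewed": guess_success(skewed, 10),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:32s} {value:8.3f}")
```

Under this assumed skew, each word contributes far less than the 11 bits of the uniform case, and ten best-first guesses at a single word succeed far more often than ten guesses against a uniform pick.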
