Forgot your password?
typodupeerror
Security Technology

Researchers Develop "Narrative Authentication" System 117

Posted by samzenpus
from the tell-me-about-yourself dept.
hypnosec writes "Researchers have developed a 'narrative authentication' system that could put an end to the need of remembering complex passwords to logging onto computer systems. The new system has been developed by Carson Brown and his colleagues over at Carleton University in Ottawa, Canada. The main idea behind the system is to log a user's activities on the system or any other device that he/she may be using and then ask questions about them when they login next time. Users can interact with the logging software and add their own events in the real world like wedding dates, holidays, travel dates, etc."
This discussion has been archived. No new comments can be posted.

Researchers Develop "Narrative Authentication" System

Comments Filter:
  • by soma (20246) on Monday January 06, 2014 @12:23PM (#45878651) Homepage

    Hello. I'm one of the co-authors of the workshop paper that inspired this article. I say "inspired" because the article is completely misleading.

    First off, the paper was a position paper. It was primarily speculation about how we could do authentication in the future. The idea behind it was that humans are bad at remembering very specific facts but are very good at remembering stories - narratives. What would it mean to authenticate using stories? Think about how you'd verify the identity of a friend communicating via text message from an unknown phone number or account. Make a computer do that.

    And yes, fully developed such a system would be AI-complete. But I think there are lesser incarnations that might be usable and secure. But that is just educated speculation on my part.

    Now the paper did present a simple example of how you could do something kinda-narrative-like using text adventures (yes, think Zork). Such a system isn't discussed in more detail because there are many usability challenges. But it can be done. Carson Brown got his Master's thesis [carleton.ca] in fact by by building such a system. (Yes, I was his advisor.)

    If anyone wants to build a PAM module based on Inform 7 [inform7.com] drop me a line. Could be fun! But it won't be practical.

    If you want to learn more, the paper is "Towards narrative authentication, or, against boring authentication." [nspw.org]. The workshop in question is the New Security Paradigms Workshop [nspw.org].

    And in case you were wondering, none of us are doing any follow-up work on this right now. But I'm always open to collaboration opportunities. :-)

        --Anil Somayaji

"Indecision is the basis of flexibility" -- button at a Science Fiction convention.

Working...