Activity record better password: IIT engineers

New Delhi : Who was the first person to text you today? The answer to this, or a similar question, could be the unlocking code for your phone instead of a normal password.

Researchers at Indian Institute of Technology-Kharagpur, in collaboration with other universities, are investigating whether recalling text messages, calls, and Facebook likes could be a useful log-in strategy.

Support TwoCircles

The researchers think that kind of question could eventually work as a simpler log-in method for some websites and services. The kinds of things you do regularly on your smartphone or computer may be easy for you to recall but difficult for a hacker to guess, they suggest.

“Whenever there’s something you and your phone share and no one else knows, that’s a secret, and that can be used as a key,” said study co-author Romit Roy Choudhury, an associate professor at the University of Illinois at Urbana-Champaign.

In a research project dubbed ActivPass, researchers from the Indian Institute of Technology Kharagpur, the University of Texas at Austin, and the University of Illinois Urbana-Champaign studied how well participants could answer questions based on a log of activity, including Facebook posts, websites visited, songs downloaded, and people called and texted.

The researchers reported that asking questions about recent, infrequent events (such as a phone call yesterday from a friend you haven’t spoken to in a while) worked 95 percent of the time in testing.

Eventually, this kind of authentication may replace the growing list of usernames and passwords most of us have, or at least serve as a new kind of backup for when you forget a password.

In their study, the researchers used an app to collect data from participants’ smartphones and also gathered some data from their computers.

On average, users succeeded in answering three questions about themselves correctly 95 percent of the time, and they were able to answer questions about other people less than six percent of the time.

Choudhury said the researchers were speaking with companies like Yahoo and Intel to figure out if what they’re doing could be useful for enterprise users.

The study was published in MIT Technology Review.