A new secure password idea

Date: 2011-04-23 11:10:56

The quest for secure ways to remember strong passwords recently took a new turn. This Network World article explains how researchers have devised a password storage and retreival system using CAPTCHAs.

CAPTCHAs are the images with twisted or stretched word images you are forced to enter when submitting web forms. They are meant to ensure only a human is submitting the form.

The idea is that you take a password and split it into two parts. One part is weak and easy to remember. The second part is strong. What happens is a CAPTCHA is created for the strong part and encrypted in a way that only the weak part can decode.

The interesting part of this is when a program takes a password list and attempts to decrypt it; every attempt seems to succeed to the attacking computer. The problem is that it returns an image which can only be interpreted by a human.

To use this system a user would do the following:

1. Create a strong password either manually or by using a password generator. For example apple_83tNf&)_sKb
2. They would pick an easy part of the password to remember such as apple.
3. They then go to a website or run a program where they paste in apple_83tNf&)_sKb and then say the apple is the easy part, which will be the key.
4. When they need to remember the password, they will run the program or go to the website and somehow select the site they need the password for. They will then enter the easy part and it will return the CAPTCHA. By combining the two they have the correct password.

Personally, this seems like a lot of steps to go through to retrieve a password. The creators plan to have it commercially available in a month. It will be interesting to see if this system makes any traction.

Category: Authentication

Subcategory: Third-Party