Achilles’ Password: Online Security’s Susceptible Straggler

These new technologies promise to make your vulnerable passwords obsolete.

Illustration by Tyler Hoehne

Since its inception 56 years ago, the Defense Advanced Research Projects Agency, essentially the U.S. Department of Defense’s mad scientist division, has turned fiction into fact and revolutionized our world several times over by thinking big and weird. They’ve invented the proto-internet, GPS systems, and even bent light itself to make 40 trillionths of a second disappear. They’re currently tinkering with laser guns, health monitoring internal nanobots, and virus-killing blood cleaning technology, just to name a few. But right now, one of DARPA’s main focuses is on something called the Active Authentication Project, launched in 2012 with the explicit and initially confounding mission of eliminating passwords as we know them, to better guard us all online.

DARPA isn’t coming out of left field. Up to 55 percent of security professionals think passwords are a fundamentally flawed means of protection, and it’s common knowledge that they’re easily poached by programs like Heartbleed—just this month, a group of Russian hackers amassed 1.2 billion internet credentials. Even long, complex passwords don’t seem to be protecting us well, and can be broken down by hacking systems. A decade ago, Bill Gates predicted passwords would die. Then, last year, several tech firms launched the Petition Against Passwords. Now a group called the FIDO Alliance hopes to do away with internet passwords altogether by 2015, although there’s no official consensus on how exactly to do this.

To date, many tech companies have sought to replace traditional passwords with things like knock code, multi-step verification, physical lock-and-key systems, and even biometrics. Google, a champion of multi-stage logins, recently acquired SlickLogin, a program that will transmit a near-silent sound from your computer to an app on your phone, which then returns a signal to a website server to confirm a user’s identity. Google is betting heavily on the elaborate technology, believing it to be one of the most effective and difficult to replicate multi-step verifications. And many phones now have basic finger (or even ear) scanning technology like the Ergo app, which provides greater individual specificity and security than fingerprints, which can still be lifted or easily smudged.

But all of these systems still have serious flaws. Even non-verbal codes can be broken, physical locks can be lost, and a multi-step process, in the end, only verifies safety at the sign-in stage, while threatening to screw over users who, in SlickLog’s case, for example, lose their phones. Mistake-free, multi-step verifications are invasive, like Google’s plan to have people ingest radio frequency-transmitting pills or wear electronic tattoos. As for biometrics, aside from being unreliable and easily fooled, many involve clunky lifestyle changes and new equipment like wristbands to monitor heart signals or special bio-soles to verify your identity by foot pressure. There have been attempts to make biometrics more discerning, with cameras that monitor the formation of facial expressions or finger sensors that can detect a user’s blood and oxygen flows.

DARPA’s push to end the password is a revolutionary, two-pronged (if borderline Orwellian) approach: First, they’re focusing on “cognitive fingerprints,” which track how a user moves or acts, identifying the individual not only at login, but continuously, throughout their experience. The method assesses subconscious or automatic factors like muscle movement, which are almost impossible to replicate. Second, DARPA is reinforcing the cognitive fingerprint process with existing technology, using the sensors and apps already on our computers and phones in unexpected ways. Partnering up with scientists from Drexel University, the NASA Jet Propulsion Laboratory, New York Institute of Technology, Southwest Research Institute, and SRI International, DARPA is working to detect our “authorial fingerprint,” based on writing style, speed, and errors. The organization aims to build detection techniques around the unique rhythms and electric signals of our hearts, the micro movements in our hands as we gesture, our patterns of response to randomly generated system error messages, and the speed, style, and balance of our stride and posture.

Progress is promising, but all of these technologies are still in the early stages of development. It will be a while before kinks are ironed out and developers make the login and constant verification process seamless and inoffensive. And, on DARPA’s end, it’s likely that the systems they develop will only make it to the public after first launching on Defense Department computers. For many of us, that’s actually cause for relief—even though the DARPA programs are a far cry from anything as invasive as swallowing a password pill á la Google’s one-time plan, they do involve storing a great deal of intensely personal data. But even if the current forms are disturbing, the mission is still worthwhile. Maybe we’ll reject some of the more intrusive options, but in an age of vulnerability and shrinking privacy, any meaningful step we take in the quest for personal security is a step in the right direction.

AFP News Agency / Twitter

A study out of Belgium found that smart people are much less likely to be bigoted. The same study also found that people who are bigoted are more likely to overestimate their own intelligence.

A horrifying story out of Germany is a perfect example of this truth on full display: an anti-Semite was so dumb the was unable to open a door at the temple he tried to attack.

On Wednesday, October 9, congregants gathered at a synagogue in Humboldtstrasse, Germany for a Yom Kippur service, and an anti-Semite armed with explosives and carrying a rifle attempted to barge in through the door.

Keep Reading Show less
via Andi-Graf / Pixabay

The old saying goes something like, "Possessions don't make you happy." A more dire version is, "What you own, ends up owning you."

Are these old adages true or just the empty words of ancient party-poopers challenging you not to buy an iPhone 11? According to a new study of 968 young adults by the University of Arizona, being materialistic only brings us misery.

The study examined how engaging in pro-environmental behaviors affects the well-being of millenials. The study found two ways in which they modify their behaviors to help the environment: they either reduce what they consume or purchase green items.

Keep Reading Show less

One of the biggest obstacles to getting assault weapons banned in the United States is the amount of money they generate.

There were around 10 million guns manufactured in the U.S. in 2016 of which around 2 million were semiautomatic, assault-style weapons. According to the National Shooting Sports Foundation, the firearms industry's trade association, the U.S. industry's total economic impact in 2016 alone was $51 billion.

In 2016, the NRA gave over $50 million to buy support from lawmakers. When one considers the tens of millions of dollars spent on commerce and corruption, it's no wonder gun control advocates have an uphill battle.

That, of course, assumes that money can control just about anyone in the equation. However, there are a few brave souls who actually value human life over profit.

Keep Reading Show less
via Reddit and NASA / Wikimedia Commons

Trees give us a unique glimpse into our past. An examination of tree rings can show us what the climate was like in a given year. Was it a wet winter? Were there hurricanes in the summer? Did a forest fire ravage the area?

An ancient tree in New Zealand is the first to provide evidence of the near reversal of the Earth's magnetic field over 41,000 years ago.

Over the past 83 million years there have been 183 magnetic pole reversals, a process that takes about 7,000 years to complete.

Keep Reading Show less
The Planet
via Pixabay

The final episode of "The Sopranos" made a lot of people angry because it ends with mob boss Tony Soprano and his family eating at an ice cream parlor while "Don't Stop Believin'" by Journey plays in the background … and then, suddenly, the screen turns black.

Some thought the ending was a dirty trick, while others saw it as a stroke of brilliance. A popular theory is that Tony gets shot, but doesn't know it because, as his brother-in-law Bobby Baccala said, "You probably don't even hear it when it happens, right?"

So the show gives us all an idea of what it's like to die. We're here and then we're not.

Keep Reading Show less