DARPA Wants To Get Rid of Password Protection
coondoggie writes "Researchers from the Defense Advanced Research Projects Agency will next week detail a new program it hopes will develop technology to dramatically change computer system security authorization. The program, called Active Authentication, looks to develop technology that goes way beyond today's use of hard to remember password protection and determine identity through 'use of software applications that can determine identity through the activities the user normally performs,' DARPA said."
And suddenly... (Score:2)
acting becomes the hot new job area. Except the actors work for the Mafia now, not Hollywood.
Re: (Score:2)
acting becomes the hot new job area. Except the actors work for the Mafia now, not Hollywood.
Much as we all find some actors so annoying that we'd like to see them kneecapped, I don't think so ;-)
Re: (Score:2)
So how would things be different to what they are now?
This can only make the work place more awkward. (Score:5, Funny)
I shudder to think how much porn I would need to watch before I can check my email.
Re:This can only make the work place more awkward. (Score:4, Funny)
I shudder to think how much porn I would need to watch before I can check my email.
Perhaps they'll incorporate biometrics of your private parts. Unzip, insert......."welcome mr todger, how may i assist you today".
Re:This can only make the work place more awkward. (Score:5, Funny)
lol ok here you go [welookdoyou.com]. NSFW.
First website I ever bookmarked. I have waited for years to sneak that into a slashdot thread.
Re: (Score:2)
That is fascinating, horrifying, and WTF! all at the same time.
Re: (Score:2)
That is fascinating, horrifying, and WTF! all at the same time.
Well I guarantee you anyone who pays $1000 for the pair of units gets F$@#ed...just not as intended. The only horrifying part is that there are people that desperate and stupid. Why on earth would anyone think that a masturbatory aid is best located attached to a mini-tower and located in a drive bay? I can only assume that anyone who thinks this is a good idea is in no danger of polluting the gene pool.
Re: (Score:2)
lol ok here you go [welookdoyou.com]. NSFW.
First website I ever bookmarked. I have waited for years to sneak that into a slashdot thread.
Glad I could provide an excuse to use it. You're lucky they didn't go out of business before you managed to.
Re: (Score:2)
I just remembered... Family Guy already did it:
Female Voice: Welcome to the inner vault. Penial Identification required.
Quagmire: Let me handle this. [Unzips his pants, puts his pelvis to the door and it opens. He then re-zips his pants]
Peter: That's amazing? How the hell did you match it?
Quagmire: Oh, I didn't match the shape. I just stuck it in there and broke it.
Season 7 Ep. 7, "Oceans Three And A Half"
Re: (Score:2)
"click to enlarge" suddenly has a new ring to it...
Re: (Score:3)
As Cletus T. Judd famously said, "When I was a kid I was told that if I clicked my mouse too much I would go blind."
Re: (Score:2)
Now displaying:
"Apache 2 Test Page - Powered By CentOS"
So, maybe it WAS good....until you RUINED it!
Re: (Score:3)
I shudder to think how much porn I would need to watch before I can check my email.
Perhaps they'll incorporate biometrics of your private parts. Unzip, insert......."welcome mr todger, how may i assist you today".
I'm sorry Dave, I can't do that.
Re:This can only make the work place more awkward. (Score:4, Funny)
Obligatory XKCD (Score:5, Funny)
Here's the XKCD [xkcd.com] on password strength.
Re: (Score:2)
Re: (Score:3, Informative)
Even assuming you only use the 3000 most common words in the English language, 4 words gives you close to the same number of possibilities as an alphanumeric password of 9 characters.
Re:Obligatory XKCD (Score:4, Insightful)
Re:Obligatory XKCD (Score:5, Informative)
That's the whole point. Using "correct horse battery staple" is stronger in the real world because people can pick random common words, have a decently high level of entropy, but still remember the passphrase. As opposed to using "Pa$$word1" to meet the complexity requirements with something they can remember and then seeing it get cracked in fifteen seconds.
Plus, if you need more entropy, you can obviously just use more words. If you use something like "frozen biology department literally conducts every experiment after august but before march" then you have something with more entropy than you can crack in any practical amount of time even with offline methods (and even including the fact that it has grammatical ordering which reduces entropy some), but any idiot can memorize it in short order.
Re: (Score:2)
Also, since most attacks are blind, they wouldn't necessarily know you're using words, or what word set, if there's caps or similar, perhaps it's somewhat salted with a few random characters at the start. The further you go, the more improbable it would be for them.
Re: (Score:2)
I've had this idea of using pieces of different phrases from books and such (like quotes) that stand out to you. Chopping them up that way... the key is cutting and mixing unexpectedly however. Of course this depends on not having silly password length limits, or situations where you can enter any length but only the first 12 are used (and in my experience you are never told of this).
For example, use a password safe so you can use truly random long passwords, but the key to unlock the safe is 10 words, wit
Re: (Score:3)
What I'm saying is that the substitutions are useless. The increase in difficulty of remembering them is greater than the increase in entropy you get from them.
Performing the substitutions consistently would only provide a single bit of entropy total. The attacker just has his dictionary of words, then performs all the substitutions on all the words, which doubles the size of the dictionary but no more. If some letters have more than one possible substitution (e.g. a->@ or a->4) you would slightly mor
Re: (Score:3)
Alternatives:
frozen biology department literally conducts every experiment after august but before march1
frozen biology department literally conducts every experiment after august but before march99
Mrfrozen biology department literally conducts every experiment after august but before march2011
Re: (Score:2)
Using "correct horse battery staple" is stronger in the real world because people can pick random common words, have a decently high level of entropy, but still remember the passphrase.
But people WON'T pick 'random' words. They'll look at their desk and use "stapler paper pen paperclip" or look around their office and use "filecabinet desk chair window". Maybe geeks will use "slashdot lotr SteveJobs wifi" or gamers will use "WOW Halo Gears COD". And so on.
Re: (Score:2)
That's why you should ALWAYS use a password generator.
Re: (Score:2)
And then you run in your bank's online services which restrict you to 8 characters.
Re: (Score:2)
Even assuming you only use the 3000 most common words in the English language, 4 words gives you close to the same number of possibilities as an alphanumeric password of 9 characters.
And of course, one of the words in the XKCD example is not one of the 3000 most common English words.
Re: (Score:3, Informative)
Re:Obligatory XKCD (Score:4, Interesting)
You are missing the point of the comic. It explicitly measures the entropy [wikimedia.org] of the two password selection schemes. The selection scheme itself is not secret; the point is that if there are about 2048 (2^11) "common" words, then there are 2^44 passwords made out of 4 common words, which is a lot more than the estimated ~2^28 possibilities for the more common password scheme.
What the comic doesn't take into account is methods of discovering the password other than brute force. If the password is known to be 4 common words, and you somehow discover a few letters of the password (eg looking over someone's shoulder) and have a rough idea of the placement of those letters within the password, it suddenly becomes a whole lot easier to guess what the remaining letters are, as opposed to a random password where knowing a few letters in the password doesn't help in determining what the other letters are. Using something like the acoustic keystroke logger posted on Slashdot the other day becomes a whole lot easier too as the search space is diminished because the words are common dictionary words.
Re:Obligatory XKCD (Score:5, Insightful)
Re: (Score:2)
Sorry for the poor formatting-- here it is better:
You are misinterpreting the idea. The password is not stronger simply because it's longer. It's stronger because there are many more common words than there are letters in the alphabet.
Think of each word in the password as a single letter. However, instead of the alphabet being 26 letters (or 62 if you include upper and lowercase and numbers) the alphabet is 2048 letters long. Then picking a 4 "letter" password gives you 2^44 bits of entropy. A comple
Re: (Score:3)
Re: (Score:2)
What the comic doesn't take into account is...
End of story bro.
Re: (Score:2)
One problem with English word passwords. They can be very easily spoken.
This means if you vocalize while you type, or if the system accepts voice input, it will be very easy to lose your security and for people to share the information vocally. Since as other posters note it is low entropy if your CPU understands English.
Re: (Score:2)
If there are really 44 bits of entropy then it should be OK. XKCD looks at 4 words of 11 bits---2048 possibilities if uniformly distributed, given humans, that's probably not unreasonable.
We have to let the computer choose the password, and the human agree to memorize it. And it MUST be 4 words, not one, or three.
Five is *right* *out*.
Re: (Score:2)
We have to let the computer choose the password, and the human agree to memorize it. And it MUST be 4 words, not one, or three.
Five is *right* *out*.
That sounds like a sendup of a Monty Python skit.
Re: (Score:2)
Yes: something they don't point out is that you can't safely choose the words yourself. Your "random" choice of words is not uniformly distributed. You need the computer to give you a password of four words and not let you keep generating new passwords until you get one you like.
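The entropy arithmetic argued over in the comments above, with a generator that lets the computer pick the words, as an added example that is not part of any poster's comment. The CVCV word list is a constructed stand-in for a real list of 2048 common words, and all function names are hypothetical.

```python
import math
import secrets

# Constructed stand-in for a curated list of 2048 common words (not a real
# word list): every consonant-vowel-consonant-vowel string over the sets
# below, 16 * 4 * 8 * 4 = 2048 distinct entries, i.e. exactly 11 bits per word.
WORDS = [a + b + c + d
         for a in "bdfghjklmnprstvz" for b in "aeio"
         for c in "dklmnrst" for d in "aeio"]


def scheme_bits(choices: int, picks: int) -> float:
    """Entropy in bits when `picks` symbols are drawn uniformly and
    independently from `choices` options. The scheme itself is assumed to
    be known to the attacker; only the random draws are secret."""
    if choices < 2 or picks < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return picks * math.log2(choices)


def generate_passphrase(wordlist, n_words=4, sep=" "):
    """Machine-chosen passphrase. Returns (phrase, entropy_bits).

    secrets.choice draws from the OS CSPRNG, so every word is equally
    likely; a human picking "random" words does not meet that assumption."""
    words = sorted(set(wordlist))  # duplicates would overstate the entropy
    phrase = sep.join(secrets.choice(words) for _ in range(n_words))
    return phrase, scheme_bits(len(words), n_words)


def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def bits_with_variants(base_bits: float, variants: int) -> float:
    """A guesser who knows about an optional transform (for example one
    consistent letter substitution) tries every variant of each candidate,
    which adds only log2(variants) bits."""
    return base_bits + math.log2(variants)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(WORDS)
    print(f"{phrase!r}: {bits:.1f} bits")
    print(f"4 of 3000 words:        {scheme_bits(3000, 4):.1f} bits")
    print(f"9 chars of [a-z0-9]:    {scheme_bits(36, 9):.1f} bits")
    print(f"9 chars of [A-Za-z0-9]: {scheme_bits(62, 9):.1f} bits")
    print(f"words for 72 bits:      {words_needed(len(WORDS), 72)}")
    print(f"44 bits + substitution: {bits_with_variants(44.0, 2):.1f} bits")
```

The per-word figure only holds when the generator's first output is accepted; the numbers say nothing about words a person chose by looking around the room.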
Re:Obligatory XKCD (Score:5, Informative)
now, as to why i don't disagree, let me first define a premise. the password is being attacked via a brute force attack. there are no rainbow tables in use or exploiting of the encryption algorithm. a dictionary can and will (as you'll see later on) be used. now, let me recalculate the passwords in terms of possible password permutations. i don't know how to calculate it with bits of entropy and even if i did, it'd be really confusing to understand.
with a 24 character length password from a set of 26 characters, the number of possible passwords is 26^24 or 9.1 x 10^33. for a password that is 11 characters in length from a 96 character set, its 96^11 or 6.4 x 10^21. again, the plaintext password is stronger.
now here's where my criticism comes in... when you reduce the password to using only english words, you exclude from the set of possible passwords words like "sdfjae" or "fjwioxe". in other words, its no longer completely random. in fact, i believe you so significantly reduce the entropy space that it is now much weaker than the random character password.
lets take for instance a 5 character length password. given all available password combinations, that would yield us the set of possible passwords that is 26^5 or 11,881,376. now using the dictionary at http://www.wordbyletter.com/words_by_length.php [wordbyletter.com], i used a script to pull all the 5 letter words and count how many there were. that yielded us 9755 words. of course, its possible the word list at that site isn't complete and once you start increasing the character length, the number of word combinations will increase.
i'm not going to try to calculate the possible number of permutations of a 24 character english word password but its definitely significantly less than the 112 bits of entropy we calculated earlier. is it less than the 72 bits for the ascii character set? i don't know. but maybe someone smarter than me can go tell us that one.
therefore, this allows us to use a brute force attack that doesn't attempt every character but rather, every possible word in the english dictionary. it should also be noted that most of the words in the english dictionary are extremely rare and usually unheard of. my point in this wasn't to conclusively disprove the artists rendition. rather, i just wanted to draw doubt and show that there might after all be a reason why we don't use extremely long passwords of words we commonly use.
Re: (Score:2)
You've made a false assumption there. When using passwords you can't assume the entropy of the entire ASCII table as you're limited to what you can input. For one thing the first 32 characters of the ASCII table can't be typed. A lot of passwords will also only allow a limited set of special characters disallowing things like | or escape characters like \.
Re: (Score:3)
Re: (Score:2)
Ahhh I actually couldn't find the Wikipedia article. I was looking through all the pages on entropy not on password strength.
Re: (Score:2)
And if we're talking about randomly-assigned passwords that can be automatically generated by the IT department for a new user...yikes. It's possible to communicate to a non-hacke
Re: (Score:2)
The 4 words scheme suggested isn't bad, as long the hacker doesn't know that this is what you're doing.
To make it safe in a world where John The Ripper implements many of such schemes in its initial dictionary style attacks, you need to introduce both other symbols than lowercase a-z, and glue characters between those words. If you 'lamerfy' those words and add three glue characters, one between each of the words, you still need to remember only 7 items (four words and three symbols) and you still get a pas
Re: (Score:2)
Re:Obligatory XKCD (Score:5, Informative)
i'm not sure i completely agree with that. for one thing, he calculates entropy wrong. according to wikipedia, the set of all ascii characters has an entropy of 6.5446 bits per character. given an 11 character password, thats ~72 bits. a 26 letter character set has an entropy of 4.7004 bits per character with 24 letters, that gives the password 112 bits. that doesn't make my case for why i disagree, just showing that he calculated entropy wrong. i actually don't even know how he came up with those numbers.
People understanding things in this way is exactly why everyone chooses bad passwords. His point is that if everyone has passwords like Tr0ub4dor&3, password guessers won't guess random printable ASCII characters, they'll guess a word and then try some substitutions on it.
So 'Troubador' can be guessed with a dictionary attack, which is why the word only gets about 16 bits of entropy (that puts it in the top 64000 most common words in English). There is additional entropy added by the substitutions but substituting '0' for 'o' is much easier to guess than changing the 'o' to a random character.
i'm not going to try to calculate the possible number of permutations of a 24 character english word password but its definitely significantly less than the 112 bits of entropy we calculated earlier. is it less than the 72 bits for the ascii character set? i don't know. but maybe someone smarter than me can go tell us that one.
And again, since an attacker would be using a dictionary attack, the correct way to calculate entropy is per word, not per character. The xkcd calculates 11 bits of entropy per common word which suggests these words are in the top 2^11=2048 most common words which seems reasonable (a quick glance at wikipedia suggests around 80% of the words in written texts are built from the most common 2000 words). So we get 44 bits of entropy. Obviously less than 72 bits but how many people are really going to create a completely random alpha-numeric-punctuation string of 11 characters (not built from a word or pattern)?
Re:Obligatory XKCD (Score:5, Informative)
now here's where my criticism comes in... when you reduce the password to using only english words, you exclude from the set of possible passwords words like "sdfjae" or "fjwioxe". in other words, its no longer completely random. in fact, i believe you so significantly reduce the entropy space that it is now much weaker than the random character password.
Of course you reduce the amount of entropy, per character. The point is to use more characters in order to make the password have the same level of security while being easier to remember.
The example four English word password "correct horse battery staple" has 28 characters. It has about the same amount of entropy as a 7 character password that randomly uses any of the slightly less than 100 characters you can type on a keyboard. A 28 character random password has preposterously more entropy. But it looks like this: "#1-:';Gqz_UR]l~g607PM_/v@/e6". That's utterly useless because the user will never remember it so it ends up on a sticky note on the user's monitor. Even the 7 character random password ends up on the sticky note. The four English word password gets memorized and not written on anything.
Misapplied theory. (Score:3)
The point is that people remember words, not characters, so it makes absolutely no sense to use a string of random characters as a password. By disregarding the way people actually think, and the passwords that are generated in practice (rather than in theory), security "experts" have managed to build a standard that results in lots of forgotten passwords while still being relatively insecure when applied in the real world.
It's the definition of boneheaded groupthink, and your post is just another example of s
Re: (Score:2)
The point is that people remember words, not characters
This is why I still remember the name of Jimmy James book, "Macho Business Donkey Wrestler" from the News Radio episode "Super Karate Monkey Death Car" [youtube.com]
Comment removed (Score:5, Insightful)
Re: (Score:2)
The reality is your badge should be enough. At the entry point to the building your badge with its chip is accessed and matched to your physical appearance, beyond that simply use your badge to swipe into any computer. Types of access should be restricted to locales of machine, obviously a machine at the reception desk etc should be hardware locked to only gain reception desk style access regardless of who logs in.
The most secure machines, should be in a glassed off room running parallel to the main hallwa
Or... (Score:2)
everyone could just make their password "rms"
Re: (Score:2)
You joke, but the crappy online banking system my bank uses, has assigned me a really hard to remember username.
I can choose my password freely, fortunately, but they have stupid limitations and requirements forcing me to make my password easier. I really need to switch to a different bank someday.
Google and Facebook already do this, no ? (Score:2, Interesting)
Authenticate based on "activities the user normally perform" ?
Aren't Google, Facebook and advertisers already tracking our every move ? And figuring out when people come back to visit a site ?
I'm sure you can identify people that way, but can it really be secure ?
Re:Google and Facebook already do this, no ? (Score:4, Interesting)
When we recently traveled I logged into Facebook on my phone. At home I log in from many different devices at many different places in the city. None of this rings alarms. As I was traveling Facebook didn't blink an eye when I suddenly logged in from Europe.
My girlfriend on the other hand was not so mobile. She last logged in from Australia. When she sat down at a kiosk in Dubai and logged in Facebook refused her login and made her play a guessing game. It showed pictures of her friends and asked her to match the faces to the names.
I was actually quite impressed with not only the way in which Facebook didn't simply accept the login but also posed a quiz that worked quite well at identifying if you are who you say you are.
Re: (Score:2)
I bloody hate that quiz.....
Half my friends use their kids faces or some artsy pic as their profile pic.... and they change it every other week...
If someone who shares a significant part of my network ever wanted to get in, this would be a simple portal for it.. meh
Re: (Score:2)
You can see my fingerprints, see my face, fairly easily see my retinas, watch what I do .... ....now tell me, what is my password ...?
Re: (Score:2)
...and banks too. I recently purchased a few music tracks from the Nokia Music Store, from Finland. The 4th attempt to purchase something failed. The reason turned out to be that I don't normally purchase things from Finland using that card/account so they blocked it. I'm not sure what changed between the 3rd and 4th tracks...I didn't move suddenly between the UK and Finland or anything.
It turns out I have to tell my bank when I decide to travel. Crazy. ...and supposedly for my own benefit, even though
TSA Authenticator (Score:3)
Not surprising... (Score:2)
Re: (Score:2)
And for those of us using "none of the above", at least on any regular basis (google once in a while), it will be even easier to narrow the four of us down.
TFS doesn't make sense. (Score:4, Interesting)
System authentication takes place, necessarily, BEFORE any activity can take place. Therefore, there's no way in this physical universe you can run an authentication based upon a user's activity to unlock the platform he would need access to to actually *do* anything.
My first thought on this, however, is old hat: fingerprint recognition (easily defeated with a boxcutter and a Kleenex), facial recognition (the jury's out on this one, I have a Windows 7 box and FR authentication just plain doesn't work), voice sampling (decent quality analogue playback? Help me out here, how easy is it to defeat a voice sampler?), retinal scanning... there are several methods of passwordless authentication, which can be made more secure (and quite possibly safer) with random combination of two or three of them. I'll tell you how old hat: Star Trek II. Kirk authenticates himself for access to Project Genesis report with voice sampling and retinal scan. That was a plot device used in a movie in what, 1982? Yeah, a bit before HD webcams and commercially available low power LED lasers. Way before MP3. If DARPA are trying any of this on for patents, they'll fall over on prior art.
Re: (Score:2)
Prior art in the context of patents always refers to something that actually existed previously. This keeps people from patenting things that other people patented long ago, where the patents have expired. Something being in a work of fiction won't cut it as an example of "prior art".
It may, however, make it qualify as "obvious".... particularly if the fictional work is popular.
Re: (Score:2)
fingerprint recognition (easily defeated with a boxcutter and a Kleenex)
Not so easily defeated if the sensor can also read temperature, pressure, blood oxygen levels, and so on.
Fiction is not prior art.
The severed finger makes good theater.
In real life it adds layer upon layer of complexity and danger.
Sorry Dave I can't let you do that (Score:2)
Without my space helmet there is no way I am getting in to my /. account.
Re: (Score:2)
And when you exhibit abnormal behavior?? (Score:5, Interesting)
"Normal" behavior is a baseline, not a universal.
What about when you have a cold? Your voice is messed up, your brain is foggy, you become clumsy which means your behaviors change, you take medicines which make you groggy and thus different, and so on.
What about when you start taking a prescription (or other) drug that messes with your mind and/or with your reflexes, and/or with your nervous system?
What about when you're in a bad mood? What about when you've just experienced a life-changing event and everything about you seems different? What about if you get food poisoning, get hit by a bus, get burned in a fire, get a brain tumor, or are just having a bad friggin' day?
How many people are "normal" every day of their life? 0.00000000%, right?
Re: (Score:2)
And what about people like me who have 21, 34, 55, 89, 144 or more personalities (sometime less)? It's going to be terrible :-(
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"Password will be my constant".
Re: (Score:2)
What about when you're in a bad mood? What about when you've just experienced a life-changing event and everything about you seems different? What about if you get food poisoning, get hit by a bus, get burned in a fire, get a brain tumor, or are just having a bad friggin' day?
That's how pattern classification works. You get a wide array of training data that contains variance across a ton of variables. Then, you use algorithms that can isolate the variable (or frequency band, or whatever) you care about
Re: (Score:2)
oh no, this is DARPA.
Guy on Deadman Switch suddenly develops cataracts, the skin falls off his hands and a killer virus destroys his larynx.
Meet you sixty miles up in about four minutes.
What if behaviours change? (Score:5, Insightful)
Memories (or notes) don't change radically. Ditto for biometrics. Yet behaviours do change, as soon as a person's priorities change. It may not happen often and there is probably a transition period, but I would be lying if I claimed that I am the same person I was a year ago.
For a group concerned about military security, like DARPA, denying access based upon behavioural changes may be appropriate. After all, it may demonstrate bribery or blackmail or some other change of heart. But for everyday transactions it is inappropriate. After all, would you want to be denied access to your money because you went from a greedy SOB to a charitable person (or vice versa)?
Re: (Score:3)
For a group concerned about military security, like DARPA, denying access based upon behavioural changes may be appropriate. After all, it may demonstrate bribery or blackmail or some other change of heart.
Or getting shot at. Isn't the saying that life in the military consists of long stretches of boredom, occasionally interrupted by brief periods of utter terror? I'd hate to lose access to the network the moment I needed it most just because an IUD just put a shard of metal in my hand, making it difficult to talk or type at my normal rate.
Re: (Score:2)
Re: (Score:2)
Say that to the poor sod who has to handle communication networks in a combat zone :p
We already have better tech (Score:3)
Put a USB fingerprint reader on a key fob. The device makes a secure connection to the service requesting authentication and does its magic. Authentication is only accepted from readers registered to the account. For really secure access (banking and such), send an SMS to the user's validated cell phone or an email to their verified email account with a one-time code that the person has to enter before it expires in a minute or two.
There are plenty of ways we can provide secure authentication that doesn't rely on memorizing random character strings. Trouble is, "the world" needs to agree on a standard and implement it.
Re: (Score:2)
Fingerprint readers can be easily defeated ...
Now go away and do some bricklaying without gloves, and then try and access your computer ... oh sorry you won't have fingerprints for a week or so ...
Re: (Score:2)
In your scenario you haven't defeated the protection offered by the fingerprint reader, you've lost the utility of it.
Using a fingerprint reader for authentication is exactly the opposite principle compared to using fingerprints to identify criminals.
Re: (Score:2)
Re: (Score:2)
What you would ideally want is something that takes a n
Because the government would never violate ... (Score:2)
Guidorizzi expects researchers to take special care to ensure this program doesn't violate privacy laws or allow information about a user's identity to be misused by others.
Er ... this is for DARPA.
Stage 2 (Score:2)
Cue applications that polymorph and cue the user to change his/her behavior according to learned profiles.
Forget passwords. We use keys today. (Score:2, Interesting)
We know passwords don't work, so change the concept to keys. People understand keys. They know they aren't expected to remember them so they keep them safe on keyrings and a standard (preferably cross platform) OS service should be a keyring manager.
A password: twulriem
A short key: XiuPE&(K-8Ln:5;&S_?H'a/3
So instead of password fields, use key block fields. Expect that people will save the key in a key manager.
BQ)`0h9!*{yatTvqo,S
jNgf&_{W}ii'8UL/g
\pEaz{p?5N)lmU(&}(
%zLvcR[5r}6Kvmg-uk
6*f@2vo4D%
Contribute instead of complaining (Score:2)
Re: (Score:2)
Re: (Score:2)
So you are saying that you think the internet should be spying on every single thing everyone does and using all this spying to profile everyone.
It already is. I'd like to have it consolidated where I can review it and address any issues that arise. Including opting out of parts or all of it. Location data like this would necessarily be under privacy protection laws, so some company in Minnesota can't get info on my location unless I initiate some form of contact with them.
Re: (Score:2)
> How about you geniuses come up with workable suggestions?
Perhaps because some of the geniuses can easily see the problems but not the solutions/alternatives. I don't see why that is a bad thing.
Perhaps you don't need to be a genius to see the problems, but you do need to be a genius to come up with a solution; in which case, I suppose, literally, you weren't talking to them.
More accurate headline (Score:2)
Tracking mouse movements (Score:2)
That sounds like a great idea, until someone gets even a minor cut on a finger, has to hold their mouse differently for 2-3 days, and now can't identify themselves to their computer.
O Boy! (Score:2)
determine identity through the activities the user normally performs
Authentication thru masturbation.
What if something happens to me? (Score:2)
My house key will get you into my house, but the dog in my living room knows you're not me.
Great. What if I'm wearing a funny hat? Will my computer refuse to let me in?
Re:Great. (Score:5, Funny)
That's not true. I don't browse Gizmodo.
Re: (Score:2)
Re: (Score:3)
Are you kidding? Gizmodo doesn't load with NoScript.
Re: (Score:2)
Not to mention 4chan, which Slashdot is gradually turning into anyway.
Cmdr. Moot, anyone? (runs)
Re:"Active" Authentication? (Score:4, Interesting)
Sounds worryingly Microsoft-ish.
Not that it's a problem in this case, since this system is doomed to fail before it even begins.
So many things wrong with this idea. I'd hate for my to change a little and all of a sudden I'm locked out.
I guess you'd be able to replace one Office Space drone with another ("I usually come in about 15 minutes late, i use the side door that way lumberg can't see me, then i just kinda space out for about an hour.")
Re: (Score:2)
So many things wrong with this idea. I'd hate for my to change a little and all of a sudden I'm locked out.
Why do people assume that "being resilient to mood change" is not part of the acceptance criteria of the solution ... DARPA wants a solution to replace password that works in practice, not just pick a random idea from a brainstorming session.
Re: (Score:2)
I often have a situation where three or four people need to temporarily share an account - how is that going to work?
Those three or four people should be placed in a group and the group given access to whatever temporarily. You're mixing the issues of authentication and access there.