Where does your brain store computer passwords

Category - Faces in a crowd provide an alternative to passwords

Will Knight

Familiar faces could replace complex and hard-to-remember computer passwords when a security system developed in the US starts up.

Rather than requiring users to memorize a series of letters and numbers before granting access to a computer, the new system prompts them to select a pre-agreed set of faces from several grids of other faces.

The system was developed by a company called Passfaces based in Maryland, USA. A series of randomly chosen faces is difficult for an attacker to guess, but easy to remember for a user, the company said.

"Part of the human brain has evolved specifically to remember and recognize faces," says CEO Paul Barrett. "While you have to make a conscious effort to store and retrieve passwords, the processes involved with faces are completely intuitive."

According to Barrett, a Passfaces authentication system that asks a user to choose five faces from five different grids of nine faces is roughly equivalent to a random seven-digit password. You can find a demo version of the system here.

Human factor

The Passfaces system can be used to control access to any system that can display images - websites and handheld devices, as well as desktop computers. Barrett admits, however, that it may not be suitable in every situation as it takes an average of 5 to 10 seconds to authenticate a person. "This may not be acceptable for applications that require the user to re-authenticate several times a day," he says.

Some experts say the idea could be welcomed by both users and computer support staff who currently rely on either insecure or complex and hard-to-remember passwords. "It's a really interesting area of ​​research," says Bruce Schneier of Counterpane Security in California, USA.

According to Schneier, the system fixes an important computer security issue that is often ignored. "Anything that addresses the human factor is a good thing," he notes.

Cute kittens

Masakatsu Nishigaki, an expert on image-based authentication systems at Shizuoka University in Japan, agrees that faces could make an ideal replacement for conventional passwords. “Even for humans, it is hard to remember unclear, or meaningless, images,” he says.

But he adds the system could also have its own unique drawbacks. For example, it could be easier for someone to watch over a person's shoulder as they select their faces on a screen

Images are often used by websites to distinguish between human and computer visitors online. You can try this authentication system, called KittenAuth, here.