Online passwords are a pain. We have too many of them, they’re too hard to remember, and even with six or more characters (including a capital letter and a symbol!), they still feel vulnerable to hackers. Clearly something has to change, but efforts to overhaul traditional password systems haven’t gotten very far.
A team of engineers has a new idea, though. Rather than ask you to remember dozens of passwords, it simply asks you to remember the name of the last person you text messaged with.
The system, which was described recently in a paper posted online at the University of Illinois at Urbana-Champaign, draws on the constant flow of activity in our online lives to create rapidly changing passwords that are easily known to the user, but very difficult for others to guess.
“We are have mobile phones, laptops, tablets, the Apple watch, Google Glass,” says Swadhin Pradhan, a doctoral student in computer science at the University of Texas and a co-author of the paper. “If we can somehow capture data from those things then we can do away with the current password thing.”
Pradhan and his collaborators came up with software they call ActivPass that operates in the background of your devices, collects information about your activity, and repurposes it as security questions. The questions can be multiple-choice or open-ended and can do with anything from the last song you listened to, to the name of a website you visited recently, to photos you liked on Facebook, apps you’ve recently uninstalled, or people you talked to on the phone.
Pradhan sees a couple of key advantages to this system. One favors all of us, the other favors The Man. The benefit for all of us would be that passwords would cease to exist as this external thing we need to keep track of and instead would emerge naturally from the way we use technology. The benefit to corporations is that ActivPass would make it harder for parents to share online subscription services with their kids. A Consumer Reports survey conducted earlier this year found that 46 percent of subscribers to streaming services share their passwords with people outside their households. Pradhan estimates this costs services like HBO Go and Hulu tens or even hundreds of millions of dollars in lost subscriber revenue each year. With ActivPass, the password would constantly be changing; in order to watch Game of Thrones on your parents’ dime, you’d have to call your mom and ask her what she bought on Amazon that morning.
Of course, the idea of a third-party service keeping tabs on what you browse is a little creepy. ActivPass is still in the very early stages of development, and Pradhan says that privacy settings will be a main concern. In particular, users will be able to choose the kinds of info they want collected as password fodder, which opens the possibility of ActivPass doubling as a behavior management tool — a password nag that makes you answer for the ways you’ve wasted time online.
Kevin Hartnett is a writer in South Carolina. He can be reached at firstname.lastname@example.org.
Correction: An earlier version of this story gave an inaccurate estimate of how much money HBO loses as a result of streaming subscribers sharing passwords with non-subscribers.