Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Develop "Narrative Authentication" System

Posted by samzenpus on from the tell-me-about-yourself dept.

hypnosec writes "Researchers have developed a 'narrative authentication' system that could put an end to the need of remembering complex passwords to logging onto computer systems. The new system has been developed by Carson Brown and his colleagues over at Carleton University in Ottawa, Canada. The main idea behind the system is to log a user's activities on the system or any other device that he/she may be using and then ask questions about them when they login next time. Users can interact with the logging software and add their own events in the real world like wedding dates, holidays, travel dates, etc."

11 of 117 comments (clear)

  1. B.S. For funding by Great+Big+Bird · · Score: 5, Insightful

    Sounds like useless bullshit produced to get funding dollars.

    1. Re: B.S. For funding by Anonymous Coward · · Score: 5, Insightful

      Cynic. How can you not believe in something that tracks your computer use and then lets you add commonly known dates as additional verification? There's no way a co worker will ever be able to log into your account at work, or a family member at home.

      BTW, who wants to play 20 questions when logging in and what company gets to own the data about your computer use?

    2. Re: B.S. For funding by neoritter · · Score: 3, Funny

      I tried this and ended up with a closet full of dead puppies...

  2. No, thank you. by Parsiuk · · Score: 5, Insightful

    I'm sick of "intelligent" systems which are making my life more and more complicated.

  3. i'm drunk and i don't remember my activities by Anonymous Coward · · Score: 4, Funny

    lemme in ya fukcin piceec of shhhtt!!!!!!

  4. Gosh... by fuzzyfuzzyfungus · · Score: 4, Insightful

    An authentication system that combines the fun of 'intelligent' phone-tree voice recognition 'expert' systems with the assumption that biographical trivia are anything other than hilariously public.... Where do I sign up?

  5. XKCD FTW by Gothmolly · · Score: 5, Insightful

    I'll just leave this right here

    https://xkcd.com/936/

    --
    I want to delete my account but Slashdot doesn't allow it.
  6. Retarded by Hognoxious · · Score: 4, Insightful

    Last time I forgot a gmail password it did this. Something like the last 3 people I'd emailed, and the last three I'd received emails from and some other tripe. I don't mean the magic "first pet dog's name" question or anything like that.

    I remembered my password before I even got close to figuring any of that shit out.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    1. Re:Retarded by Frankie70 · · Score: 4, Funny

      I remembered my password before I even got close to figuring any of that shit out.

      So it worked.

  7. Sounds like a plan! by RenHoek · · Score: 4, Insightful

    Yes, because a site breach wasn't annoying enough yet when they take all of the passwords. Let's give them more information which to do spearphising with.

  8. A co-author's thoughts by soma · · Score: 5, Informative

    Hello. I'm one of the co-authors of the workshop paper that inspired this article. I say "inspired" because the article is completely misleading.

    First off, the paper was a position paper. It was primarily speculation about how we could do authentication in the future. The idea behind it was that humans are bad at remembering very specific facts but are very good at remembering stories - narratives. What would it mean to authenticate using stories? Think about how you'd verify the identity of a friend communicating via text message from an unknown phone number or account. Make a computer do that.

    And yes, fully developed such a system would be AI-complete. But I think there are lesser incarnations that might be usable and secure. But that is just educated speculation on my part.

    Now the paper did present a simple example of how you could do something kinda-narrative-like using text adventures (yes, think Zork). Such a system isn't discussed in more detail because there are many usability challenges. But it can be done. Carson Brown got his Master's thesis in fact by by building such a system. (Yes, I was his advisor.)

    If anyone wants to build a PAM module based on Inform 7 drop me a line. Could be fun! But it won't be practical.

    If you want to learn more, the paper is "Towards narrative authentication, or, against boring authentication.". The workshop in question is the New Security Paradigms Workshop.

    And in case you were wondering, none of us are doing any follow-up work on this right now. But I'm always open to collaboration opportunities. :-)

        --Anil Somayaji