KOLKATA (TIP): If you are hassled using multiple passwords for accessing your accounts, you can breathe easy. Experts at IIT Kharagpur have come up with a solution that won’t tax your memory. Instead of a password, you may be asked a few questions such as what was the last call you received or the latest song you downloaded. Answer them and you get access.
The innovation has been lauded by MIT and has gone viral in foreign media. The breakthrough claims to make you 95% safer online, which has taken the world by storm. Efforts are on to achieve the remaining five percent.
The project has been jointly handled by the computer science engineering faculty of IIT Kharagpur and the universities of Texas and Illinois. Interestingly, the two investigators at Texas and Illinois are also alumni of IIT Kharagpur. The idea was to do away with the multiple passwords that we juggle at all times for the plethora of online and digital interactions that we engage in daily. The alternative system will allow you to bypass password-based authentication on your personal devices and will instead ask you a set of questions based on your recent online/digital activity. If you are able to answer these correctly, a new password for the day is generated that is unique to you and cannot be breached.
“Though it might sound a bit complicated, it is not so. We have been able to show how it is possible to extract ‘adequate secrets’ by observing the user’s activity logs from social networking sites, browsing history, call logs, and SMSes and then use those to frame questions,” explained Niloy Ganguly, a senior computer science faculty member and the principal investigator of the project.
“In order to access a certain website on your smartphone, you could be asked, who called you from Mumbai last evening or which song did you listen to during lunch hour today,” he added.
Questions could come in two formats, either text-based or multiple choice (MCQ). They change for every instance of authentication, so a single breach cannot cause permanent damage. For example, a user may be posed a set of three questions and will be authenticated even if he answers only two correctly. “A good mix of activity sources is considered during the challenge set generation, which could comprise three questions - one drawn from phone call history, one from face messaging and another from browsing history,” said Romit Roychowdhury, who has been leading the team from the University of Illinois. With a 95% success rate, the three institutions are now entering into understandings with e-commerce sites, especially those that deal with net flicks (online entertainment) to test run their system.
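The challenge scheme described above (one question per activity source, two of three correct answers required), sketched as an added example that is not the researchers' code. The log contents, function names and the four-option MCQ used for the guessing estimate are assumptions made for illustration.

```python
import random
from math import comb

# Constructed activity logs; source names, questions and answers are assumptions.
ACTIVITY = {
    "call_log": [("Who called you from Mumbai last evening?", "Asha"),
                 ("Whom did you call right after lunch?", "Vikram")],
    "messages": [("Who sent you the last SMS before noon?", "Ravi"),
                 ("Who messaged you about the meeting?", "Meera")],
    "browsing": [("Which news site did you open this morning?", "example.org"),
                 ("Which site did you shop on yesterday?", "shop.example")],
}
REQUIRED = 2  # from the article: three questions, two correct answers suffice


def build_challenge(activity, rng):
    """Pick one recent event per source, so no single log decides the outcome."""
    return [(src, *rng.choice(events)) for src, events in sorted(activity.items())]


def verify(challenge, answers, required=REQUIRED):
    """Count case-insensitive matches and apply the pass threshold."""
    correct = sum(
        given.strip().lower() == expected.lower()
        for (_, _, expected), given in zip(challenge, answers)
    )
    return correct >= required


def blind_guess_pass_rate(options, questions=3, required=REQUIRED):
    """Chance that uniform random guessing on MCQs with `options` choices passes."""
    p = 1 / options
    return sum(
        comb(questions, k) * p**k * (1 - p) ** (questions - k)
        for k in range(required, questions + 1)
    )


if __name__ == "__main__":
    # A real deployment would draw from secrets.SystemRandom(); random.Random()
    # is used here only so the demonstration is easy to reproduce.
    challenge = build_challenge(ACTIVITY, random.Random())
    for source, question, _ in challenge:
        print(f"[{source}] {question}")
    answers = [expected for _, _, expected in challenge]
    answers[1] = "don't remember"  # one miss is tolerated by the threshold
    print("authenticated:", verify(challenge, answers))
    print("blind-guess pass rate, 4-option MCQ:", blind_guess_pass_rate(4))
```

With four-option MCQs a blind guesser clears the two-of-three threshold in 15.625% of attempts, so such a scheme depends on more answer options, free-text answers or attempt limits to keep guessing impractical.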