February 17, 2017 -
Researchers at the University of Surrey have developed an ‘all in one’ authentication system that will allow users to verify identity using their face, eyes or fingerprints — either in combination with or instead of word-based systems — on their computers.
Pass∞, developed by the Department of Computer Science’s Dr Shujun Li and PhD student Miss Nouf Aljaffan, is backward-compatible with existing computer systems enabling it to be easily added to all systems immediately with little or no alterations made to the existing infrastructure.
Through Pass∞, users are able to generate significantly more complicated passwords that are still easy to remember, making them more difficult for hackers to crack.
Pass∞ makes it easier for organizations and service providers to implement and maintain user authentication systems, while enabling users to combine several different authentication methods for proving their identities.
The technology preserves the overall user experience with text-based passwords, biometrics-based authentication systems and multi-factor authentication systems.
The technology offers user-friendly free combinations of multiple authentication actions, including entering normal passwords, styling some characters, selecting a picture, clicking some points on a picture, drawing something on a picture, showing the user’s face in front of a webcam, and adding the user’s current geolocations.
“The new technology will give both end users and organizations a simple and easy to use system that has great flexibility and agility,” Dr Shujun Li, a deputy director of the Surrey Centre for Cyber Security (SCCS) and co-inventor of Pass∞, said: “This is definitely among the biggest ideas and the most exciting research work I have been working on at the University of Surrey for over five years.
”What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general. The new technology, which is in its final stages of development, will give both end users and organizations a simple and easy to use system that has great flexibility and agility to incorporate all known user authentication factors and many (if not all) known systems in a single framework and user interface.”
The researchers believe that Pass∞ could potentially increase both the security and the usability of passwords because the technology is able to create a significantly longer yet easy-to-remember password from a shorter sequence of authentication actions.
Pass∞ can also be used at either server or client side. When implemented at the client side, it can be developed as an advanced ‘password manager’ and/or a web browser extension, allowing it to work with any remote servers.
When it is deployed at the server side, the server can provide more options to end users, such as allowing them to decide their preferred biometric authentication method and how to combine them.
The University of Surrey has filed a patent application on the new technology. In addition, the researchers have partnered with tech transfer specialists Crossword Cybersecurity plc to conduct market research and are encouraging the public to provide feedback on the new technology.