New password would be generated daily based on online activity.
By Sreejith Vallikunnu
Researchers at Indian Institute of Technology, Kharagpur, have found an alternative solution to remembering multiple passwords for accessing online accounts.
According to The Times of India, the alternative system will allow users to bypass password-based authentication on their personal devices and instead ask them a set of questions based on their recent online/digital activity.
If you are able to answer these questions correctly, a new password for the day would be generated that is unique to you and cannot be permeated.
The project has been managed by the computer science engineering faculty of IIT-Kharagpur and faculty at the universities of Texas and Illinois. The two investigators at Texas and Illinois are also alumni of IIT Kharagpur, the report said.
“Though it might sound a bit complicated, it is not so. We have been able to show how it is possible to extract ‘adequate secrets’ by observing the user’s activity logs from social networking sites, browsing history, call logs, and SMSes and then use those to frame questions,” Niloy Ganguly, a senior computer science faculty member and the principal investigator of the project, was quoted as saying.
“In order to access a certain website on your smartphone, you could be asked, who called you from Mumbai last evening or which song did you listen to during lunch hour today,” he added.
“A good mix of activity sources are considered during the challenge set generation which could comprise of three questions – one drawn from phone call history, one from face messaging and another from browsing history,” said Romit Roychowdhury to the Times. Roychowdhury has been leading the team from the University of Illinois.