Project Completed: January 2017
This work develops an authentication scheme that is less secure than passwords, but is simpler to use and resistant to sharing. Our core idea is to observe users’ activities from the recent past and extract questions from them that, ideally, only the user can answer but others cannot. Example questions could be “from whom did you get the first call this morning?” or a multiple-choice format that does not require much typing – “which news site did you NOT browse this morning: CNN, NYT, Slashdot, Wired”. Given that today’s users perform various activities jointly with their computing devices, we believe that adequate “secrets” can be extracted, enabling this alternative form of authentication.
This work employs the core idea that outliers in the user’s activities (rare activities) offer opportunities for generating passwords. Intuitively, outlier events are easy to remember and difficult to guess. This intuition is tested and substantiated by this study.
This study developed ActivPass, a dynamic authentication system that mines the user’s daily activities to extract passwords. While ActivPass may not apply to services that require strict authentication, it is a candidate for alleviating the problem of password sharing. Even though users might share their passwords once, they are generally unwilling to continuously share their daily (atypical) activities with others. This can prevent Bob from perennially reusing Alice’s (Netflix) password, just because she shared the password once. Experimental results from a large set of university volunteers are promising, with the system achieving up to a 95% success rate. Notably, while being able to distinguish between real and impersonating users, our system was successful in identifying volunteer users and did not penalize them for failing to recall their past activities. In reality, however, a user has a stronger incentive to recall her past to be able to answer the password question correctly — in such situations, the performance could improve further.
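An added sketch of the outlier idea described above, not ActivPass's own code: it picks the rarest event in a recent activity window and wraps it in a multiple-choice question whose other options the user has never performed. The rarity threshold `max_share`, the function names and the sample browsing log are assumptions constructed for illustration.

```python
import random
from collections import Counter

# Constructed sample data: a user's long-term browsing log and this morning's visits.
HISTORY = ["CNN"] * 30 + ["NYT"] * 25 + ["Wired"] * 4 + ["Slashdot"] * 1
RECENT = ["CNN", "NYT", "Slashdot"]
DECOY_POOL = ["BBC", "Reuters", "Wired", "Ars Technica", "The Verge"]


def rare_events(history, recent, max_share=0.05):
    """Recent events whose share of the whole history is <= max_share, rarest first.

    max_share is an assumed cut-off for what counts as an outlier.
    """
    counts = Counter(history)
    total = len(history)
    rare = {e for e in recent if counts[e] / total <= max_share}
    return sorted(rare, key=lambda e: (counts[e], e))


def build_challenge(history, recent, decoy_pool, n_choices=4, rng=None):
    """Build one multiple-choice question with a rare recent event as the answer.

    Decoys are limited to events absent from the user's history, so exactly one
    choice is true and knowing the user's routine does not reveal it.
    """
    rng = rng or random.Random()
    rare = rare_events(history, recent)
    seen = set(history)
    decoys = [d for d in decoy_pool if d not in seen]
    if not rare or len(decoys) < n_choices - 1:
        return None  # no usable outlier: the caller must fall back to another factor
    choices = rng.sample(decoys, n_choices - 1) + [rare[0]]
    rng.shuffle(choices)
    return {
        "question": "Which of these sites did you visit this morning?",
        "choices": choices,
        "answer": rare[0],
    }


def verify(challenge, response):
    """True only when the response names the outlier event."""
    return response == challenge["answer"]
```

A blind guess passes a single four-choice question with probability 1/4, so a deployment would ask several independent questions before accepting a login.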