{"id":75588,"date":"2015-03-03T21:50:00","date_gmt":"2015-03-04T02:50:00","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-08-24T13:20:47","modified_gmt":"2021-08-24T17:20:47","slug":"new-authentication-fingerprints-how-you-move","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/new-authentication-fingerprints-how-you-move\/","title":{"rendered":"New Authentication &#8216;Fingerprints&#8217; How You Move"},"content":{"rendered":"<p><a href=\"http:\/\/hothardware.com\/News\/ElcomSofts-Internet-Password-Breakers-Scares-the-Crap-Out-of-Us\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-105281\" title=\"New Authentication 'Fingerprints' How You Move\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Password_Dog-5.jpg?resize=120%2C90&#038;ssl=1\" alt=\"New Authentication 'Fingerprints' How You Move\" width=\"120\" height=\"90\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Password_Dog-5.jpg?resize=150%2C113&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Password_Dog-5.jpg?resize=75%2C56&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Password_Dog-5.jpg?w=500&amp;ssl=1 500w\" sizes=\"auto, (max-width: 120px) 100vw, 120px\" \/><\/a>We all know that <strong>passwords are hideous<\/strong> things. They take up too much time and are not that effective. 
In fact, <a title=\"Gartner\" href=\"https:\/\/www.gartner.com\/technology\/home.jsp\" target=\"_blank\" rel=\"noopener noreferrer\">Gartner<\/a> (<a title=\"NYSE : IT\" href=\"https:\/\/www.nyse.com\/quote\/XNYS:IT\" target=\"_blank\" rel=\"noopener noreferrer\">IT<\/a>) says that password resets represent <a title=\"Gartner Highlights Four Myths Surrounding IT Self-Service\" href=\"https:\/\/web.archive.org\/web\/20190102074058\/https:\/\/www.gartner.com\/newsroom\/id\/1426813\" target=\"_blank\" rel=\"noopener noreferrer\">30% of help desk calls<\/a>. Readers of <a title=\"Bach Seat\" href=\"https:\/\/rbach.net\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Bach Seat<\/em><\/a> know that the most common <strong>hacked passwords<\/strong> change very little from year to year.<\/p>\n<p><a href=\"http:\/\/techtalk.pcpitstop.com\/2012\/06\/11\/ask-leo-how-do-i-choose-a-good-password\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105283\" title=\"remembering effective passwords is difficult\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/passwoed_hand.jpg?resize=100%2C100&#038;ssl=1\" alt=\"remembering effective passwords is difficult\" width=\"100\" height=\"100\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/passwoed_hand.jpg?w=150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/passwoed_hand.jpg?resize=75%2C75&amp;ssl=1 75w\" sizes=\"auto, (max-width: 100px) 100vw, 100px\" \/><\/a>Generating and remembering effective passwords is difficult and unnatural. A lot of us are awful at it and there&#8217;s almost no improvement in the list of most common passwords from year to year (<em>as I most recently covered <a title=\"Password Insecurity \u2013 2015\" href=\"https:\/\/wp.me\/p2wgaW-uw\" target=\"_blank\" rel=\"noopener\">here<\/a><\/em>). 
Meanwhile, computers improve their ability to crack passwords by brute force and cunning <em>every<\/em> year.<\/p>\n<p>So where there is chaos there is profit. A new area of research is to <strong>replace passwords with a user&#8217;s behavior<\/strong>. <a title=\"Mark Stockley\" href=\"https:\/\/nakedsecurity.sophos.com\/author\/markstockley\/\" target=\"_blank\" rel=\"noopener noreferrer\">Mark Stockley<\/a> at <a title=\"Sophos\" href=\"https:\/\/web.archive.org\/web\/20240415214827\/https:\/\/www.sophos.com\/en-us\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos\u2019<\/a> <a title=\"Naked Security\" href=\"https:\/\/nakedsecurity.sophos.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Naked Security <\/em>blog<\/a> <a title=\"US Military wants to replace passwords with &quot;cognitive fingerprints&quot;\" href=\"https:\/\/nakedsecurity.sophos.com\/2015\/01\/29\/us-military-wants-to-replace-passwords-with-cognitive-fingerprints\/\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a> that researchers at <a href=\"https:\/\/web.archive.org\/web\/20181218204549\/https:\/\/www.usma.edu\/SitePages\/Home.aspx\">West Point<\/a> are working to get rid of passwords. The Cadets are working to produce a new <strong>identity verification system based on users&#8217; behavior<\/strong>, described as a next-generation biometric capability. 
The research is being developed as part of the <a title=\"active authentication \" href=\"https:\/\/web.archive.org\/web\/20150423170137\/http:\/\/www.darpa.mil:80\/Our_Work\/I2O\/Programs\/Active_Authentication.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">active authentication program<\/a> run by <strong><a title=\"DARPA\" href=\"https:\/\/web.archive.org\/web\/20201003080553\/https:\/\/www.darpa.mil\/default.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">DARPA<\/a><\/strong>.<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20170929224503\/http:\/\/itersnews.com\/?p=32056\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105286\" title=\"next generation biometric capability\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/biometrics_robot-e1569092380646-138x150.png?resize=92%2C100&#038;ssl=1\" alt=\"next generation biometric capability\" width=\"92\" height=\"100\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/biometrics_robot-e1569092380646.png?resize=138%2C150&amp;ssl=1 138w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/biometrics_robot-e1569092380646.png?resize=69%2C75&amp;ssl=1 69w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/biometrics_robot-e1569092380646.png?w=180&amp;ssl=1 180w\" sizes=\"auto, (max-width: 92px) 100vw, 92px\" \/><\/a>The article explains that <strong>authentication<\/strong> has traditionally relied on users producing one or more of the following: <strong><em>something you know<\/em><\/strong> (such as a password or PIN), <em><strong>something you have<\/strong><\/em> (such as a number from an RSA key) or <strong><em>something you are<\/em><\/strong> (such as your fingerprints or face). 
The technology that West Point is working on, called behavior-based <a title=\"Biometrics\" href=\"http:\/\/en.wikipedia.org\/wiki\/Biometrics\" target=\"_blank\" rel=\"nofollow noopener wikipedia noreferrer\">biometrics<\/a>, adds another factor to the mix: <em><strong>something you do<\/strong>.<\/em><\/p>\n<p>According to DARPA, the first phase of the active authentication program will focus on biometrics that can be captured through existing technology, such as analyzing how the user handles a mouse or how they craft the language in an email. The contract document, reported by <a title=\"Yahoo\" href=\"https:\/\/uk.finance.yahoo.com\/news\/military-signs-deal-next-gen-032935608.html\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Yahoo Finance<\/em><\/a>, describes the technology as a &#8220;<strong>cognitive fingerprint<\/strong>.&#8221;<\/p>\n<p style=\"text-align: justify; padding-left: 30px;\"><em><a href=\"https:\/\/web.archive.org\/web\/20150712002848\/http:\/\/www.canadianbfrb.org:80\/find-a-treatment-provider\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105288 size-thumbnail\" title=\"cognitive fingerprint\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/fingerprint.jpg?resize=75%2C75&#038;ssl=1\" alt=\"cognitive fingerprint\" width=\"75\" height=\"75\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/fingerprint.jpg?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/fingerprint.jpg?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/fingerprint.jpg?w=346&amp;ssl=1 346w\" sizes=\"auto, (max-width: 75px) 100vw, 75px\" \/><\/a>&#8230;when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a &#8216;cognitive fingerprint&#8217;<\/em><\/p>\n<p>Cognitive fingerprints will offer significant advantages over 
existing forms of authentication. According to <em>Sophos<\/em>, the new technology has several <strong>advantages over passwords<\/strong> because it does not:<\/p>\n<ul>\n<li>Require the specialized hardware required by biometrics, and<\/li>\n<li>Rely on users remembering strong passwords, something humans are naturally bad at.<\/li>\n<\/ul>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105290 \" title=\"authenticate users\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/lock_key_old.jpg?resize=90%2C77&#038;ssl=1\" alt=\"authenticate users\" width=\"90\" height=\"77\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/lock_key_old.jpg?resize=75%2C64&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/lock_key_old.jpg?resize=150%2C128&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/lock_key_old.jpg?w=360&amp;ssl=1 360w\" sizes=\"auto, (max-width: 90px) 100vw, 90px\" \/>Cognitive fingerprints should also give systems the ability to <a title=\"Authentication\" href=\"http:\/\/en.wikipedia.org\/wiki\/Authentication\" target=\"_blank\" rel=\"nofollow noopener wikipedia noreferrer\">authenticate<\/a> users continuously, keeping people logged in so long as they&#8217;re present and then logging them out as soon as they leave.<\/p>\n<p><a title=\"Nancy Gohring\" href=\"https:\/\/web.archive.org\/web\/20160329070441\/http:\/\/www.fierceitsecurity.com\/author\/ngohring\" target=\"_blank\" rel=\"noopener noreferrer\">Nancy Gohring<\/a> at <a title=\"FierceITSecurity\" href=\"https:\/\/web.archive.org\/web\/20160729153456\/http:\/\/www.fierceitsecurity.com:80\/?\" target=\"_blank\" rel=\"noopener noreferrer\"><em>FierceITSecurity<\/em><\/a> recently <a title=\"How Alohar hopes to &#039;fingerprint&#039; the way you walk for new authentication tool - FierceITSecurity\" 
href=\"https:\/\/web.archive.org\/web\/20160304020453\/http:\/\/www.fierceitsecurity.com\/story\/how-alohar-hopes-fingerprint-way-you-walk-new-authentication-tool\/2015-02-18\" target=\"_blank\" rel=\"noopener noreferrer\">wrote<\/a> about a similar approach to <strong>user behavior authentication<\/strong>. <strong><a title=\"Alohar Mobile\" href=\"https:\/\/web.archive.org\/web\/20131216141811\/https:\/\/www.alohar.com\/developer\/\" target=\"_blank\" rel=\"noopener noreferrer\">Alohar Mobile<\/a><\/strong>,\u00a0now owned by <a title=\"Alibaba\" href=\"http:\/\/www.alibaba.com\/us\" target=\"_blank\" rel=\"noopener noreferrer\">Alibaba<\/a>, has figured out a way to use the sensors in mobile phones to create a profile of the <strong>unique way that you walk<\/strong>, using that &#8220;fingerprint&#8221; for authentication. <a title=\"Sam Liang\" href=\"https:\/\/www.linkedin.com\/in\/samliang\" target=\"_blank\" rel=\"noopener noreferrer\">Sam Liang<\/a>, Alohar&#8217;s founder and CEO, has claimed, &#8220;<em>We have a system that allows the payment system to use the location tracking and the motion sensor to <strong>authenticate and detect fraud<\/strong><\/em>.&#8221;<\/p>\n<p><a href=\"https:\/\/www.prnewswire.com\/news-releases\/solo-launcher-and-alibabas-alohar-mobile-build-the-worlds-first-contextually-intelligent-launcher-300084052.html\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105292 \" title=\"Alohar logo\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/alohar_logo-e1569092515408-75x38.png?resize=95%2C48&#038;ssl=1\" alt=\"Alohar logo\" width=\"95\" height=\"48\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/alohar_logo-e1569092515408.png?resize=75%2C38&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/alohar_logo-e1569092515408.png?w=140&amp;ssl=1 140w\" sizes=\"auto, (max-width: 95px) 100vw, 95px\" 
\/><\/a>According to Ms. Gohring, Alohar&#8217;s patent describes a host of unique biometric patterns the firm can collect from the <strong>phone&#8217;s accelerometer and gyroscope<\/strong> to identify the person using the phone. They include:<\/p>\n<ul>\n<li>The speed\/cadence\/pace at which the mobile user normally walks<\/li>\n<li>The &#8216;bounce&#8217; of the mobile device in a person&#8217;s pocket, bag or purse as they walk or run<\/li>\n<li>The motion pattern when a person reaches for their mobile device in a pocket<\/li>\n<li>How the user moves the device to their ear<\/li>\n<li>Even the angle they hold the mobile device.<\/li>\n<\/ul>\n<p><a href=\"http:\/\/www.mlive.com\/living\/grand-rapids\/index.ssf\/2010\/04\/surf_vs_rockabilly_the_tale_of.html\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105294\" title=\"collecting data about a user's movements\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chuck_T_all-star-e1569092610211-75x52.jpg?resize=138%2C95&#038;ssl=1\" alt=\"collecting data about a user's movements\" width=\"138\" height=\"95\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chuck_T_all-star-e1569092610211.jpg?resize=75%2C52&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chuck_T_all-star-e1569092610211.jpg?resize=150%2C103&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chuck_T_all-star-e1569092610211.jpg?w=348&amp;ssl=1 348w\" sizes=\"auto, (max-width: 138px) 100vw, 138px\" \/><\/a>After collecting data about a user&#8217;s movements, the system would <strong>create a profile of the user<\/strong>. When the person tries to use the phone to buy something in a store, the system would compare the user&#8217;s profile against the recent movements of the person using the phone, making sure they match. 
If they don&#8217;t, the retailer can ask the user for other forms of identification. The system could work similarly for e-commerce transactions.<\/p>\n<p>The patent describes other uses for the <strong>profiling system<\/strong> beyond authentication. The article claims the inventor describes a scenario where if a user often goes to an elementary school or a daycare center, the service could <strong>send targeted advertising<\/strong> or information about kid-related events to the user.<\/p>\n<p><a href=\"https:\/\/web.archive.org\/web\/20140407022328\/http:\/\/www.connectedrogers.ca:80\/news\/the-bucket-list-more-data-same-price\/\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-105296\" title=\"collect even more data\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bucket_numbers-e1569092704802-59x75.jpg?resize=79%2C100&#038;ssl=1\" alt=\"collect even more data\" width=\"79\" height=\"100\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bucket_numbers-e1569092704802.jpg?resize=59%2C75&amp;ssl=1 59w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bucket_numbers-e1569092704802.jpg?resize=118%2C150&amp;ssl=1 118w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/bucket_numbers-e1569092704802.jpg?w=352&amp;ssl=1 352w\" sizes=\"auto, (max-width: 79px) 100vw, 79px\" \/><\/a>In the future, Mr. Liang hopes to be able to <strong>collect even more data<\/strong> from more kinds of devices, like fitness trackers and health monitors. He told <em>FierceITSecurity,<\/em> &#8220;In the future, the phone will be able to tell, are you happy or depressed based on the way you walk, the speed you move around, the way you swing the phone.&#8221;<\/p>\n<p><em><strong>rb-<\/strong><\/em><\/p>\n<p><em>Biometrics has been waiting in the wings as the Next Big Thing in authentication for years. 
Transparent, behavior-based biometrics like those being developed by Alohar and West Point could give the nudge that&#8217;s needed to push biometrics into the mainstream, but Sophos&#8217; Stockley argues there are two <strong>major obstacles<\/strong> to the widespread adoption of biometrics.<\/em><\/p>\n<ul>\n<li><em>You <strong>can&#8217;t change your biometrics<\/strong> \u2013 How do you change yourself if your biometric password is compromised?<\/em><\/li>\n<li><em>For all the frustration that comes with remembering (and forgetting) our passwords, we know and feel, tangibly, that they&#8217;re <strong>under our control<\/strong>.<\/em><\/li>\n<\/ul>\n<p><em>Behavior-based biometrics will happen invisibly; while convenient, it will require us to be comfortable <strong>ceding that feeling of control<\/strong> too, says Mr. Stockley.<\/em><\/p>\n<p><em>Behavior-based biometrics will draw the ire of <strong>privacy advocates<\/strong> for its invisible, seamless identification and roots in the military, as it may allow for wider monitoring of society.<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"http:\/\/www.biometricupdate.com\/201503\/qualcomm-technologies-releases-ultrasonic-based-3d-fingerprint-authentication-solution\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Qualcomm Technologies releases ultrasonic-based 3D fingerprint authentication solution<\/a> (biometricupdate.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. 
You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Behavioral authentication fingerprints how you walk, where you go or hold your phone to silently track you<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3277,2386,2099,1452,2383,1706,2213,209,4,2384,2385],"class_list":["post-75588","post","type-post","status-publish","format-standard","hentry","category-security","tag-3277","tag-alohar-mobile","tag-authentication","tag-biometrics","tag-cognitive-fingerprints","tag-darpa","tag-multi-factor-authentication","tag-password","tag-security","tag-user-behavior","tag-west-point"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/75588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=75588"}],"version-history":[{"count":20,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/75588\/revisions"}],"predecessor-version":[{"id":130955,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts
\/75588\/revisions\/130955"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=75588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=75588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=75588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}