
Making User Authentication Resilient to Prying Eyes and Con Artists

April 15, 2008

With apologies to Mark Twain, it seems as though everyone talks about passwords, but nobody ever does anything about passwords. So the recent visit by Nicolas Christin, from CyLab Japan, sparked interest at Q-CERT and at Carnegie Mellon University's Qatar campus. Christin's students have been working on ways to address two issues with traditional passwords: they are hard to remember, and they can be observed by evildoers. The students at CyLab Japan realized that humans are excellent at visual pattern recognition, and they have produced a system that uses distorted versions of pictures provided by users as easy-to-remember passwords. There is a demo of the system on their web site. Another of the students' projects examines the feasibility of supplementing traditional password mechanisms with a hidden tactile channel to defeat observation attacks.

Christin was in town exploring the possibilities for collaboration in information security between Qatar and Japan. "The organizational affiliation between CyLab Japan and CMU makes such cooperation very natural," Christin said.