Computer-based systems and services are often configured to grant access only to authorized users. A simple yet effective means of authorization is to ask the user to enter some secret information (authorization code) known only to authorized users and the system or service. In many cases, for increased security, the computer does not store the authorization code, but some related information, like its hash or digest, a pre-defined value encrypted using the code, or similar. The information can be easily computed from the authorization code, but computing the code back from the information is not feasible. Authorization can be anonymous, that is, without the computer checking or even knowing the user's identity. An example of anonymous authorization is entering a calling card number when placing a phone call. The machine that validates the code and grants the connection does not know the identity of the caller, nor any other personalized information.
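The storage scheme described above, as an added example that is not part of the original text: the system keeps only a salted scrypt digest of each authorization code and, for anonymous authorization, accepts any enrolled code without asking for a user name. The scrypt parameters, the function names and the sample codes are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, not from the text
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def enroll(code: str) -> dict:
    """Return what the system stores: a random salt and a digest, never the code."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(code.encode("utf-8"), salt=salt, **SCRYPT)
    return {"salt": salt, "digest": digest}


def verify(code: str, record: dict) -> bool:
    """Recompute the digest from the entered code and compare in constant time."""
    candidate = hashlib.scrypt(code.encode("utf-8"), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["digest"])


def authorize_anonymous(code: str, records: list) -> bool:
    """Anonymous authorization: no user name, any enrolled code grants access."""
    granted = False
    for record in records:
        # Check every record rather than stopping at the first match, so the
        # response time does not reveal which record matched.
        granted |= verify(code, record)
    return granted


if __name__ == "__main__":
    # Constructed sample codes in the style of calling card numbers.
    store = [enroll(c) for c in ("4821-7730-1956", "9034-2287-6610")]
    print(authorize_anonymous("9034-2287-6610", store))
    print(authorize_anonymous("0000-0000-0000", store))
```

Because each record has its own salt, the anonymous check costs one scrypt computation per enrolled code; the text's other variant, a pre-defined value encrypted using the code, is not shown here.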
For accessing personal data or personalized services, authorization is usually tied to user identification. In such cases, the secret information serves to authenticate the user. Obtaining access to a system or service is a two-step process: First, the user provides an identification, commonly referred to as “user name” or “log-in name”, which is normally not confidential. Some operating systems allow the user to choose a user account from a displayed list of available accounts. Such systems may also allow users to choose an image to be displayed in the list, beside or instead of the user name. In the second step, the user provides a secret code, mostly referred to as “password”, “personal identification number”, or, abbreviated, “PIN”, which is associated with the identification. Only the legitimate user is supposed to know the password for the user name, and access is granted only if the provided user name and the password match. In some systems, for increased security, additional access codes can be required. For example, some on-line banking services, in addition to authenticating the user, require a unique transaction authorization number (“TAN”) for every transaction.
The above two-step log-in/password process is often used even when simple authorization (anonymous authorized access) is the actual purpose. For example, in Unix-like operating systems there is only one “root” user account, but there may be many system administrators who need to have “root” privileges. In such a case, the same root password is used by all administrators. The user name “root” is not used to identify a user or administrator, but to request a certain privilege level, and the password serves as the authorization code, the proof that the user is one of the administrators.
The user name/password authentication scheme is very popular because of its low cost and simple implementation and usage. But it has its drawbacks. For reasonable security, the password must be hard for an adversary to guess, which is commonly achieved by choosing a long and complex password. Most users have difficulty memorizing such passwords and might be tempted to write them down. If the paper (or other carrier) with the password gets lost or stolen, its owner loses the ability to access the system or service, but the finder/thief gets it. Even worse, the password may be copied without the user's knowledge, so the user is not even aware of the attack. If the same password is used for accessing different services, they all get compromised by a single attack. Therefore, security-savvy users choose many different passwords, preferably one for each service they use. The highest security is obtained by having a different, complex password for every service and memorizing all these passwords, but, as noted above, this is too difficult for most users.
Because forgetting a password is such a common problem, most password-based services offer their users a possibility to recover it, generate a new password, or display hints to it. In the first two cases, the new or recovered password is usually communicated to the user over a separate channel, e.g. over e-mail. The underlying assumption is that only the user can access the e-mail. In other words, the security of the new password is tied to the security of the user's e-mail account. If the e-mail account gets compromised, the attacker can obtain access to every other service which offers this kind of password recovery. Alternatively, the password can be recovered or a new one generated only after the user gives a correct answer to a security question, for example “What is your mother's maiden name?”. This approach either reduces security, because the security question is easy to answer, or, if the question is hard, the answer is yet another secret code to remember. In the setup where the user can request hints to the password, the security of the system depends solely on the security of the hints. As with the security question, either the hint is explicit and can also help the attacker, or it is convoluted and of little help to the user.
Theoretically, users could use the above password recovery schemes to avoid memorizing passwords, except the one for the e-mail account or the answer to the security question or hint. For each access to a service, they could claim to have forgotten the password and generate a new one. In practice, however, this is not very convenient, because additional steps must be performed to gain access to the account and because, if the e-mail channel is used, sending the password is likely to take some time, usually between several seconds and several minutes. Also, the new password should remain secret until obsoleted by a yet newer one. If it is displayed to the user, there is a danger that someone else could also obtain knowledge of it, for example by looking over the user's shoulder.
To relieve users from the need to memorize long and complex passwords, authentication can be based on hardware in the user's possession, like a smart card or some other hardware token. Although copying such tokens is usually too expensive for an attacker, they are usually easy to steal or lose, similar to a piece of paper with the password written on it. Therefore, pure hardware-based authentication methods are rare and in most cases the user is still required to provide some secret code in addition to the token. Since most of the security comes from the token, passwords can be shorter and simpler than in pure password-based authentication. The drawback of this approach is that it requires a costly hardware infrastructure for reading the tokens. For example, if a web-based e-mail service were to authenticate its users by smart cards, the users would need to have a smart card reader available wherever they access the service: at home, at work, from Internet cafés etc. Such a wide infrastructure of smart card readers currently does not exist and, taking into account that smart cards are a 30-year-old technology, probably never will.
Instead of authenticating users based on what they know (the password) or possess (the token), authentication can be based on users' biometric properties, like fingerprints, iris or face appearance, properties of their voice, and similar. Although effective, these approaches are mostly complex to implement and use and, like token-based authentication, require costly hardware infrastructure. Also, there are privacy issues involved. For example, fingerprints are sensitive personal information and users might be reluctant to make them known to third-party readers or services.
Software-based password enhancement methods may trade password complexity for some other information which is supposedly easier to remember, for example the pace or rhythm at which the password is entered. Such methods are inexpensive and increase password security, but they do not relieve users from the need to memorize different passwords for different services. The advantage of this other information being perhaps easier to memorize is offset by the inconvenience of entering it.
Preferably, the authentication method should be as easy to use as current password-based methods, require no additional devices, induce no or only marginal additional costs to deploy, and relieve users from memorizing many complex passwords without compromising security. An authentication method satisfying these criteria is disclosed here.