Effective security controls that are put in place to control access to secure resources (e.g., servers, email accounts, bank accounts, applications, data, etc.) remain a critical challenge as the threat of hackers and the like becomes more and more commonplace. Current security controls rely heavily on password-based mechanisms. Examples include: (a) preventive controls that use password authentication to block out unauthorized people; (b) detective controls that detect incorrect passwords and, e.g., send out warnings and/or disable access if a password is entered incorrectly multiple times; and (c) corrective controls that use additional alternative accounts (with passwords) to store/retrieve information for recovery.
Unfortunately, password-based systems are vulnerable to various types of breaches, including brute force attacks, phishing attacks, spoofing, social engineering, etc. In addition, a user may write down and/or share their passwords, or use the same password for many accounts, which exposes those accounts to potential breaches. Because of these inherent vulnerabilities, the ability to compromise password-based security controls of others remains relatively high.
Password storage applications are useful in managing and generating unique passwords for users, but suffer from the same inherent vulnerabilities since they require a master password that can be compromised. Biometric controls, such as fingerprint and retina scanners, while effective, require additional hardware and hence may not be adoptable in all environments. Other techniques include pattern-based authentication, where a user touches or draws patterns on a screen. However, similar to character-based passwords, patterns can be copied by and/or shared with others.