
DARPA Wants To Kill the Password

jfruh writes: Many security experts agree that our current authentication system, in which end users are forced to remember (or, more often, write down) a dizzying array of passwords is broken. DARPA, the U.S. Defense Department research arm that developed the Internet, is trying to work past the problem by eliminating passwords altogether, replacing them with biometric and other cues, using off-the-shelf technology available today.
  • by ArcadeMan ( 2766669 ) on Monday August 11, 2014 @08:55AM (#47646283)

    Kill and eliminate passwords? Violence is not the answer.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      You say that now, but wait until you watch a password facehug and implant an embryo in your friend. He might seem fine then, but you'll be convinced when a password bursts out of his chest and starts running around.

      Take off and nuke the entire website from orbit. It's the only way to be sure.

      • There's no need to nuke the website from orbit. The server is running IIS, it will implode on itself sooner or later.

    • by Anonymous Coward on Monday August 11, 2014 @09:24AM (#47646477)

      We don't need to kill and eliminate passwords, we just need to modify them. The problem with passwords for the average user is the dizzying array of requirements from various websites (between 8 and 20 characters long, required to have upper/lower case and numbers, must have punctuation except "|~, etc.). I've never understood why passwords can't be sentences, like "I'm going to take my dog, Spot, to the park today." It's much easier to remember for the layperson and pretty quick to type once you've done it a few times. IANAC (I Am Not A Cryptologist), but I thought password strength was a function of length and potential character set. It seems like everyday sentences would be the way to go since guessing it exactly right would be exceedingly difficult.

      • The kicker (for me) is that many websites DON'T allow certain character sets.

        I've had websites tell me that I'm not allowed to use special characters. One of which was a financial institution.

    • Why do they want to kill my password? What's wrong with "@13 unicorn #DARPA gangbang!"? It's secure isn't it?

      • by gmhowell ( 26755 )

        Why do they want to kill my password? What's wrong with "@13 unicorn #DARPA gangbang!"? It's secure isn't it?

        Damnit, time to change the combination on my luggage again...

  • by Anonymous Coward on Monday August 11, 2014 @08:55AM (#47646285)

    You can change a password, you can't change your retina print. What do you do when your account is compromised? Get new eyes?

    • by peragrin ( 659227 ) on Monday August 11, 2014 @09:01AM (#47646333)

      New eyes, new finger prints, and new DNA.

      What happens if you get sick or injured? Can you imagine pink eye with retinal scanners? Finger print scanners are fooled by gummy bears.

      • Pink eyes, eh? Don't go to work stoned, then..
      • by Thanshin ( 1188877 ) on Monday August 11, 2014 @09:11AM (#47646389)

        Finger print scanners are fooled by gummy bears.

        Where I work, the scanners are quite high. Way beyond the reach of even the tallest gummy bears.

      • by Geoffrey.landis ( 926948 ) on Monday August 11, 2014 @09:46AM (#47646663) Homepage

        What happens if you get sick or injured? Can you imagine pink eye with retinal scanners?

        Yes, this is the serious problem-- just as serious as the problem of people fooling the password-alternative is the problem of the false negatives: getting locked out.

        Notice that most of these weren't fingerprint scanners or retinal scanners-- they were stuff like gait monitors, or even more bizarre stuff, like listening to your heartbeat. So, if you twist your ankle--or even buy a new pair of shoes-- you're out of luck. Taking pseudoephedrine for a cold? Ooops, your heartrate is different. You're locked out.

        --instead of using these instead of password, however, what about if you use alternate ID as a second check. It doesn't lock you out, but it does trigger a watchdog alert that pays attention to what you're doing.

        You can change a password, you can't change your retina print. What do you do when your account is compromised? Get new eyes?

        Yes, we've all seen dozens of those science fiction stories where they steal people's eyes, or cut off their fingers, or take swabs of their DNA.

      • I had a cancerous tumor on my retina.

        After treatment, which included radiation (Chip sewn on the lower back part of my eyeball for a week) and lasers, along with the ongoing process of the optic nerve dying from the radiation exposure, I suspect my retina is quite different, and still changing, from 4 years ago when the tumor was treated.

        Retinal patterns DO change sometimes. It's rare, but it happens.

      • by mlts ( 1038732 )

        You hit the nail on the head.

        Biometrics are useful, but what about just going with a tried and true PIV/CAC token?

        I have always used authentication tokens. (Preferably, multiple tokens for redundancy.) For example, I have several Aladdin eTokens. They are set with a fairly short (16 character) user passphrase, and an obnoxiously long (but memorable) admin passphrase. Both passphrases will permanently lock if more than a certain number of bad attempts are done.

        These days, I wish there were a way to make

      • by geekoid ( 135745 )

        Do not verify password with remaining eye.

        Joking aside, I suspect DARPA is aware of those issues and taking them into account.

        " Finger print scanners are fooled by gummy bears."

    • by mellon ( 7048 ) on Monday August 11, 2014 @09:26AM (#47646501) Homepage

      Exactly right. Biometric passwords are much easier to fake, because you can't change them. They also provide a nice means of identifying surveillance targets. It's almost as if these guys are getting direction from the NSA or something.

    • by m00sh ( 2538182 )

      You can change a password, you can't change your retina print. What do you do when your account is compromised? Get new eyes?

      Instead of all this BS, just make an app that stores all the sub-passwords from a master password.

      You can link your biometrics to the master password and even if your sub-passwords are compromised, you can change them.

      If your master password is compromised, then use a different finger or a different combination of biometric plus another password.

      The biggest problem I have faced is the arbitrary password rules. Some sites require you have to choose from .\$[] character set whereas others cannot have it

      • by donaldm ( 919619 )

        You can change a password, you can't change your retina print. What do you do when your account is compromised? Get new eyes?

        Instead of all this BS, just make an app that stores all the sub-passwords from a master password.

        There are plenty of apps that allow you to store your passwords in a database. Do a lookup on "password manager" and you should get over 250,000,000 hits. The problem is that you need to make sure that the passwords you use are not trivial and should be preferably over 8 alpha-numeric characters in length as well as having at least one special character (ie. !,@$# ... etc). A password generator is actually very good for this however the more complex a password the more you need to rely on a password databas

  • Ultimately... (Score:5, Insightful)

    by Anonymous Coward on Monday August 11, 2014 @08:57AM (#47646301)

    Ultimately whatever password replacement you come up with gets turned into TCP/IP packets over the intertubes. Whether you are measuring my height, fingerprint, penis size or whatever metric you come up with, it gets turned into 0's and 1's that I can grab and duplicate. It is still information on a remote server that can be hacked and used by third parties.

    And worse... once hacked, I can't do much to change my biometrics... so I'm totally screwed once the host server is hacked and a million biometric accounts are compromised.

    • Mushroom stamping the scanner. Now that's a new concept I haven't heard of before.

      Keep it classy.

    • small comfort, but people whose biometrics are hacked would be the perfect cyber criminals no? I mean, you can't tie those bio-metrics to just 'them' anymore right?

      excuse me, I need to go take a red pill...
    • by digitig ( 1056110 ) on Monday August 11, 2014 @09:47AM (#47646669)

      Whether you are measuring my height, fingerprint, penis size or whatever metric you come up with

      Penis size is pretty useless as a biometric. It changes depending on the site being accessed.

      • by daid303 ( 843777 )

        Whether you are measuring my height, fingerprint, penis size or whatever metric you come up with

        Penis size is pretty useless as a biometric. It changes depending on the site being accessed.

        So, that's perfect, password per site, and hard to fake.

      • by David_W ( 35680 )

        Penis size is pretty useless as a biometric. It changes depending on the site being accessed.

        Doubly so on this one, where everyone claims theirs is a foot long.

  • presumably so... (Score:5, Insightful)

    by Anonymous Coward on Monday August 11, 2014 @08:58AM (#47646307)

    ...when the NSA wants to tap into various accounts, they can track exactly who they belong to and who accesses them because it will be linked to your personally identifiable biometrics

    • Also, the various government agencies are increasingly working on gathering and archiving the biometric data of everyone they can. Right now they can collect fingerprints or DNA if you are arrested (and often this information is not purged if you are not convicted); I wouldn't be too surprised if they soon start gathering retina patterns as well. If devices start requiring biometric data over passwords, then the government (and any of their partners, or their employees or anyone who has hacked the database)

  • by Ubi_NL ( 313657 ) <joris.ideeel@nl> on Monday August 11, 2014 @09:00AM (#47646321) Journal

    I can change my password anytime if I think somebody copied it. I cannot change my fingerprint or retina. There is no way I'm giving random webshops or google my biometric data.

    • by Overzeetop ( 214511 ) on Monday August 11, 2014 @09:21AM (#47646453) Journal

      Any biometric password should be based on a certificate, not a direct digital representation of the biometric.

      • This is correct. Take a look at what these guys are doing with biometrics:

        getnymi.com [getnymi.com]

        They aren't sending your biometric data all over the internet. They verify your identity on device and then send a token around.

    • by bombman ( 87339 )

      Can I have a glass of formaldehyde and eyeballs next to my computer I can use if I want to change my password?

    • I can change my password anytime if I think somebody copied it. I cannot change my fingerprint or retina. There is no way I'm giving random webshops or google my biometric data.

      You'll probably end up giving it to the US government if you go through customs. If not now then whenever Patriot Act III passes.

  • by Thanshin ( 1188877 ) on Monday August 11, 2014 @09:01AM (#47646331)

    I'm ready to switch passwords for anything else as long as:
    1 - It can't be extracted from me by an easier method than torture or blackmail.
    2 - It stops working forever if I'm dead.

    Otherwise, some blood will have to wash away the naivete. Again.

    • by LWATCDR ( 28044 ) on Monday August 11, 2014 @09:13AM (#47646411) Homepage Journal

      "2 - It stops working forever if I'm dead."
      That is what I am worried about. I would like my wife to have access to my online accounts if for no other reason than to say good bye for me.

      • Most biometrics do stop working when you die. Retinal prints change if there's no blood flow - the 'eyeball-on-a-pencil' just doesn't work. Other methods ... well, generally you can detect a pulse, and the change in pattern from the blood pressure is more secure anyway. (Even before you decide you don't want to let zombies^Wresidual human resources in.)
      • by judoguy ( 534886 ) on Monday August 11, 2014 @10:51AM (#47647283) Homepage
        Good point. I'm at an age where my friends are dying every year or so. As someone who has had to "close up shop" for some of them, it's a royal bitch to do when their online life can't be accessed. Stopping the mail, shutting down the online business, etc.

        "Oh, they should have prepared for that in advance, as soon as they knew they were going to die". Yeah, well, perhaps in some fantasy world. No, the survivors clean up in real life.

    • I'm ready to switch passwords for anything else as long as:
      1 - It can't be extracted from me by an easier method than torture or blackmail.
      2 - It stops working forever if I'm dead.

      Agreed. Other authentication factors can be taken from you without much difficulty, but password access requires actual conscious cooperation.

      On the other hand, I know where they're coming from. For the last five years I've been working on getting as many network services as possible to work with Kerberos authentication. So far, I've got OpenLDAP, OpenAFS, Netatalk (AFP), NFS, OpenSSH, Exim (SMTP), Dovecot (IMAP) and Apache (HTTP) to work with it, which has eliminated a lot of password use, as well as im

    • by jsepeta ( 412566 )

      well if you're looking for a biometric that stops working when you're dead, then a penis size based reader would be the perfect choice.

  • by nine-times ( 778537 ) <nine.times@gmail.com> on Monday August 11, 2014 @09:14AM (#47646417) Homepage

    Passwords don't need to be killed. If you're thinking about replacing it with biometrics, I think that's thinking about the problem the wrong way too. The fact is, we already have all the technology we need to solve this problem much better than we do today. It's simple: instead of passwords, you should have a password protected private key, with a single password, and then use public keys for authentication. That way, you only need to know one password, and you've also eliminated a lot of the danger of snooping on connections because the private key isn't being sent.

    Of course, it would require that everyone pretty much agree on one set of standards for how it's supposed to be implemented, and then developers have to build their products with those standards. Then you probably also want some trustworthy and inexpensive/free Certificate Authorities. Ideally you'd want to be able, though not required, to use the same private key for everything-- email encryption, ssh logins, maybe even credit card purchases-- so you'd need mechanisms for managing your keys, keeping them safe but also making them available when needed. Throw in some dual-factor authentication where you want a high level of security, and you've basically solved the issue.

    • Actually, a solution very similar to what you describe is currently being developed as SQRL - Secure Quick Reliable Login [grc.com]. The main highlights and uniqueness of this are:
      • There is no trusted third party. There is only a) the user and b) the website (and also notice that each website will receive different identities, so no cross site spying).
      • The creator, Steve Gibson, is doing this just because it is a good security solution and has no other interests. He has a long track record of being an securi
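
The scheme nine-times describes above, combined with the per-site identities mentioned in the SQRL reply, as an added example that is not part of the thread and is not SQRL's actual protocol: one passphrase unlocks a master secret, each site stores only a site-specific Ed25519 public key, and login is a signature over a one-time challenge. The `Site` class, the function names and the `.example` domains are assumptions made for illustration.

```javascript
// Added example, not code from the thread or from SQRL.
const crypto = require('crypto');

// DER prefix of a PKCS#8 wrapper around a raw 32-byte Ed25519 seed (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client: the master secret rests on disk encrypted under the one passphrase.
function sealMaster(master, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(passphrase, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(master), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function openMaster(sealed, passphrase) {
  const key = crypto.scryptSync(passphrase, sealed.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  // final() throws if the passphrase (and so the key) is wrong.
  return Buffer.concat([decipher.update(sealed.ct), decipher.final()]);
}

// Client: a different key pair per domain, so sites cannot correlate users.
function siteKeyPair(master, domain) {
  const seed = crypto.createHmac('sha256', master).update(domain).digest();
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]), format: 'der', type: 'pkcs8',
  });
  const publicPem = crypto.createPublicKey(privateKey).export({ type: 'spki', format: 'pem' });
  return { privateKey, publicPem };
}

// Client: sign the challenge together with the domain it was issued for.
function respond(master, domain, challenge) {
  const msg = Buffer.concat([Buffer.from(domain + '\n'), challenge]);
  return crypto.sign(null, msg, siteKeyPair(master, domain).privateKey);
}

// Server: holds public keys only; a database leak yields nothing reusable.
class Site {
  constructor(domain) {
    this.domain = domain;
    this.accounts = new Map(); // user -> public key (PEM)
    this.pending = new Set();  // challenges issued and not yet used
  }
  enroll(user, publicPem) { this.accounts.set(user, publicPem); }
  challenge() {
    const c = crypto.randomBytes(32);
    this.pending.add(c.toString('hex'));
    return c;
  }
  verify(user, challenge, signature) {
    // Each challenge is accepted once, so a captured response cannot be replayed.
    if (!this.pending.delete(challenge.toString('hex'))) return false;
    const pem = this.accounts.get(user);
    if (!pem) return false;
    const msg = Buffer.concat([Buffer.from(this.domain + '\n'), challenge]);
    return crypto.verify(null, msg, pem, signature);
  }
}

function demo() {
  const passphrase = 'constructed sample passphrase';
  const sealed = sealMaster(crypto.randomBytes(32), passphrase);
  const master = openMaster(sealed, passphrase);
  const shop = new Site('shop.example');
  const bank = new Site('bank.example');
  shop.enroll('alice', siteKeyPair(master, shop.domain).publicPem);
  bank.enroll('alice', siteKeyPair(master, bank.domain).publicPem);

  const c1 = shop.challenge();
  const sig = respond(master, shop.domain, c1);
  const firstLogin = shop.verify('alice', c1, sig);
  const replay = shop.verify('alice', c1, sig); // challenge already consumed
  const c2 = bank.challenge();
  const crossSite = bank.verify('alice', c2, respond(master, shop.domain, c2));
  let wrongPassphraseRejected = false;
  try { openMaster(sealed, 'guess'); } catch { wrongPassphraseRejected = true; }
  const distinctKeys = shop.accounts.get('alice') !== bank.accounts.get('alice');
  return { firstLogin, replay, crossSite, wrongPassphraseRejected, distinctKeys };
}

console.log(demo());
```
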
  • As many, many others have before, because this problem is not really solvable without AU that can recognize a person? Well, it is a waste of taxpayer money, and fail they will. Biometrics is basically unusable unless you have a security guard monitor the taking of the measurement.

  • by DaMattster ( 977781 ) on Monday August 11, 2014 @09:14AM (#47646421)
    You can kill the password in favor of strong security tokens but if the underlying code is poorly written and full of security holes, then it won't be any more secure than what we have now. If you can steal a few retinal images through an exploit, you could, in theory, make a model with the retinal pattern.
  • Now that's something innovative DARPA could do: I don't want biometrics, but perhaps someone else might like it, as they don't care much for computers, and would have used a 12345qwert like password.

    Come on, most of these authentication methods are inferior, I just don't have the abilities I have with passwords: evil people have to beat me with a stick until they know my password instead of just having to cut off my finger, I can change it whenever I want, a password doesn't identify me (I can stay anon), I

  • There's no way I can see this happening, if only because no one would be willing to settle on a single standard for biometric verification. For instance, I can imagine that some places will want a simple fingerprint.. but others will demand that the fingerprint scanner used by the user to submit their prints detect warmth so that they can be sure that there's no artificial prints, dead bodies, or severed extremities being used to bypass the scan.

    Other places will want retinal scans (One eye? Both eyes? Proo

  • by Sobrique ( 543255 ) on Monday August 11, 2014 @09:19AM (#47646447) Homepage
    We're used to using SSL from client to server. But it works both ways around. You can use client side SSL certificates to authenticate. Client side SSL certificates that you can lock down with a decent passphrase, SSLVerifyClient [modssl.org]

    Not as hard to implement as some of the pipe dreams out there. Of course, it does require a degree of tech savvy on the part of users - and more importantly, enforcing its use, to avoid laziness bypassing.

    Then your challenge becomes certificate transport - you'll need a way to carry around your cert, or somehow get hold of it when you need it, which is easier said than done. The real advantage of passwords is their portability. Biometrics have a similar advantage, but as already noted - are a bit harder to revoke/change.

    • It's pretty tricky to avoid the 'carry something around' requirement; but people seem to be good enough at that when they need to be.

      I suppose the major mess would be all the phones and tablets that either don't have card readers or USB, or have USB but will never receive driver support outside of third party hacks. Smartcards and their USB attached analogs can handle the job but having accounts that you can't access from almost any mobile device will probably play poorly.
  • How about a standard protocol around devices like Yubikey hardware tokens for integration in the browser (or use with other applications):

    https://air.mozilla.org/fido-u... [mozilla.org]

    Google, Microsoft are already involved, Mozilla is looking into it.

  • 666 (Score:2, Interesting)

    by musmax ( 1029830 )
    And he causes all, the small and the great, and the rich and the poor, and the free men and the slaves, to be given a mark on their right hand or on their forehead, and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the beast or the number of his name. Rev 13:17
    • You crazy end-times nutjobs... Everyone knows that Verichip(tm) brand subdermal RFID solutions are supposed to be implanted in the arm, not the hand or forehead!
    • by PPH ( 736903 )

      Damn you! That's the combination to my briefcase.

  • Don't people just click on the 'Forgot Password' button every time their browser forgets their password?
  • I concur with the previous post saying you "can't change" biometric stuff if your password is "compromised" - but my further point is that biometrics are "secure" in an "embedded" world when you have a physical scanner attached to a physical device. When you're on the "open internet" - and such biometric data has to be collected and shuttled across "the 'net" - you now have the same sort of issue as with "traditional" passwords - i.e. someone snarfing and/or "replying" that data.

    So whereas biometrics mig

  • by QilessQi ( 2044624 ) on Monday August 11, 2014 @09:55AM (#47646761)

    Pam: Oh, OK, then good luck with all the biometric scanners. Unless you wanna cut off my fingers and scoop out my retinas.

    Kidnappers look at each other.

    Pam: Oh, don't be dicks!

  • Passwords don't simply show your identity. Making the choice to enter them also shows your permission. Sure they can be snooped, but they can't be easily extracted against your will. All biometric based keys are available with a warrant. The password is the only one that I know of that I have any chance of hiding. By carefully employing different passwords for every site with the aid of KeePass or a similar tool and changing them all periodically (would be nice if KeePass automated this) and guarding KeePa
  • Because accidents happen. No matter how improbable... no matter what kind of artificial barriers we might try and design to prevent them, over time even the unthinkable can and often will happen.

    And when it does, some kind of mitigatory system needs to be in place, or else once the system has been compromised, nobody will ever want to use it again. In the case of biometrics, if a database of people's biometric "passwords" has been compromised, potentially allowing somebody to access whatever that dat

  • At work I have so many passwords with different requirements and different reset schedules that I had to turn to the low tech approach of writing every one down on a post it note and hiding it under my calculator on my desk. I do take my laptop home every evening.

    Interesting enough, email is the only program we no longer have to sign in to each time, and it also does not time out after inactivity like every other program. That is the place where most sensitive business information would be located. All
  • If DARPA doesn't like passwords, they shouldn't use them. But that shouldn't have any bearing on us puny civilians.

  • Biometrics is a great idea to ensure that people are in direct proximity of the device, but what about all the remote control I do?

  • The last thing we need is for our biometric information to be in the hands of every web site which requires a login.

    It will kill anonymity, because you will be universally identified.

    Sorry, DARPA, but we trust neither you nor private corporations with this kind of stuff.

  • by Marrow ( 195242 ) on Monday August 11, 2014 @10:29AM (#47647099)

    Every single site has a different way of giving you a way to change your password. This makes it impossible to write programs to write programs to change your password....like a password manager for instance. Imagine if you could just type in your new password into your password manager program, and it changes all the passwords it manages with one click. They could all be randomly generated and different for every site. Hints, recovery, email addresses, could all be updated with one click. With a history as to the previous versions in case something went south.

    Instead of struggling with writing all the captchas, and strength meters, and interfaces, and all the CRAP that every site on the planet does differently. Just standardize the interface and maintenance of passwords. And then standardize the strength of the generator programs. And voila, permanent security that is controlled where it should be: in your hands.

  • DARPA: send beer

    nntp://news.grc.com/grc.sqrl/ [grc.com]

  • There are only three ways to authenticate someone no matter what the context:

    1) Something you know
    2) Something you have
    3) Something you are

    Any security system is made up of some combination of the above.
  • Biometric identification is needed to reduce fraud. We all know how easy it is for one person to vote as many times as they want [dailycaller.com]. There is no way to even estimate how much Medicaid recipient fraud costs. Biometrics certainly won't eliminate fraud in these and other places but it's a step in the right direction.

    Unfortunately we're very unlikely to see any progress on this anytime soon. Even suggesting that a person should present identification when voting is met with howls of protest.

  • by houghi ( 78078 ) on Monday August 11, 2014 @12:18PM (#47648147)

    The good part is that they are concerned about passwords. The bad news is that they do not come up with a good alternative.

    There are two issues with passwords. The first is that we are looking for a technical problem with what is essentially a social problem. Security in itself is already a social problem. How many people will give up their password to the IT guy or their boss without any question? To their SO, kids or parents?

    The second issue is that we have way too many passwords to remember and there is no single solution. (1) IT people are only looking to how THEIR system is secured and look at it from an, again, technical and not a social point of view. They do not count in the weakest point : humans.

    And as long as you do not calculate those in, it won't be solved.
    So instead of saying "We want to replace it with ..." they should have said "We want to replace it". That way you are open for a REAL solution.

    (1) If you have a solution, please let me know. It must be one that I can use at home (Linux), at work (Windows, but I am not allowed to install anything and have no Internet access and am not allowed to use any cellphone or other device), on my phone, on PCs that are not mine, on my ATM machine.
