
Smartphone Secrets May Be Better Than a Password

Researchers are investigating whether recalling text messages, calls, and Facebook likes could be a useful log-in strategy.

Most people struggle to manage passwords for multiple apps and services.

Before you read this story, try to answer the following question: Who was the first person to text you today?

Even if you can’t remember, you can keep reading. But a group of researchers think that kind of question could eventually work as a simpler log-in method for some websites and services. The kinds of things you do regularly on your smartphone or computer may be easy for you to recall but difficult for a hacker to guess, they suggest.

In a research project dubbed ActivPass, researchers from the Indian Institute of Technology Kharagpur in West Bengal, India, the University of Texas at Austin, and the University of Illinois Urbana-Champaign studied how well participants could answer questions based on a log of activity, including Facebook posts, websites visited, songs downloaded, and people called and texted.

In a recent paper, the researchers report that asking questions about recent, infrequent events (such as a phone call yesterday from a friend you haven’t spoken to in a while) worked 95 percent of the time in testing.

Eventually, this kind of authentication may replace the growing list of usernames and passwords most of us have, or at least serve as a new kind of backup for when you forget a password. Researchers also believe it could cut down on sharing of passwords for services like Netflix.

“Whenever there’s something you and your phone share and no one else knows, that’s a secret, and that can be used as a key,” says Romit Roy Choudhury, an associate professor at the University of Illinois at Urbana-Champaign and a coauthor of the paper.

In their study, the researchers used an app to collect data from participants’ smartphones and also gathered some data from their computers. In addition, they quizzed participants to figure out what they could remember.

The team used an algorithm to find suitably infrequent events to use as the basis for questions. On average, users succeeded in answering three questions about themselves correctly 95 percent of the time, and they were able to answer questions about other people less than 6 percent of the time.

Now, Roy Choudhury says, the researchers are speaking with companies like Yahoo and Intel to figure out if what they’re doing could be useful for enterprise users and, if so, what needs to be done to make the system work well.

One issue would be figuring out what kinds of activity data users would be comfortable sharing. Another is how such a system would work if you haven’t used your phone recently or can’t remember who texted you last night at 8:05.

Jason Hong, an associate professor at Carnegie Mellon University, has conducted similar research. He says that the reported percentage of users correctly answering questions about other people is low, but the number is still large when a service is used by millions of people.

This makes him think that activity-based authentication might work best as part of a more complicated authentication process. If your phone determines you’re logging in to a service from a new place, it might ask you a few questions about your activities to help ensure you are who you say you are. Some websites already do some form of this—your bank, for instance, may ask you to authenticate yourself if you try to log on to your account from a new computer.
