DARPA Experiments With Do Without Passwords

This is the most up-to-date DARPA logo.

Image via Wikipedia

Defense Advance Research Projects Agency is taking to the idea of developing an authentication system that does without hard to remember passwords.  The idea is to authenticate someone into a system (e.g., databases, computers, electronic devices, etc…) without having a person to enter any password at all.  This way, the users won’t have to remember any password, but yet they will be able to work with their systems just as usual.

It’s a grand goal in my opinion.  To develop an authentication system that knows how to discern one person from another is a witchcraft of developing an artificial intelligence type of computing.  Of course, I use the word witchcraft to praise and not to put down the idea.  I think it will be a very hard for someone to be able to actually develop the type of authentication system which DARPA wants to acquire.

When something is hard to realize, it doesn’t mean it’s impossible.  I think it’s possible to develop such a smart authentication system.  The question is, can a smart authentication system prevents hackers from manipulating it.  How about, can such a smart authentication system be transparent enough so it won’t be able to outsmart everyone, spy on everyone, and secretly keep records of everyone’s behaviors so the owners of the system can infringe on everyone’s privacy?

Comparing the idea of realizing an authentication system with artificial intelligence against the idea of deploying fingerprint scanners and other authentication systems that rely on biometric signatures, I think the latter is easier to achieve.  Also, I surmise that the latter idea is less prone to be abused in ways that disregard of users’ privacy.  Anyhow, I love how DARPA thinks big and bold, because maybe, just maybe by pushing for something extraordinary, we might get what we wish for!  For better or worse, right?

Source:  http://www.networkworld.com/community/blog/darpa-detail-program-radically-alters-securit


BrowserID Promises One Login For The Whole Internet With Better Privacy Than Individual Login Services Such As Facebook

Mozilla is working on an authentication project which will allow users to remember one master password for all their login needs ever, and this project is known as BrowserID.  We’ve seen something similar to BrowserID before which is OpenID.  It’s sad to say that OpenID isn’t that popular even though it’s genuinely a good idea.  BrowserID is similar to OpenID, and so users can expect that they only have to sign up with BrowserID’s application once — BrowserID will take care the rest whenever they log into a website that is deploying BrowserID technology.  BrowserID works by recognizing users’ email addresses.  Therefore, the process of signing up with BrowserID requires users to verify if their email addresses are real.  Website owners have to install BrowserID technology onto their websites before regular users can take advantage of BrowserID.

One problem I see with BrowserID is that it requires the technology to be adopted widely by website owners.  If there isn’t enough website owners out there want to use BrowserID technology for authenticating their users, then BrowserID will become irrelevant.

BrowserID is still being developed while we speak, and so it’s in beta stage.  For whoever doesn’t know what beta means in software development, it means that something is still being developed and not yet ready to be released to the mass.  Mozilla has put up a short instruction for website owners to apply BrowserID technology for their websites in three easy steps at https://browserid.org/developers.html.

It’s worth to mention that Mozilla claims BrowserID will provide better privacy than individual login/authentication services such as Facebook.  Facebook is a login service?  Yes, because many websites nowadays allow users to use Facebook’s credentials to log into their websites.

Source:  http://identity.mozilla.com/