Internet users prefer to keep the same password for different services they use. (Check if you have the same password for your FB, Twitter, LinkedIn, Adobe and bank accounts.) If a particular service has a restrictive password policy or asks the user to change their password frequently, the user ends up writing them all down in one place.
That means even if an un related app gets hacked, it puts your account at risk, for passwords are same everywhere!
How is this addressed by FB/Twitter?
- Their security team gets hold of the hacked user dump. (It’s hard but possible.)
- They pick each user from the dump, run query on their own set of users and check if someone has a same password as the one in the hacked dump.
- If a positive match is found, they get in touch with the user and ask them to change password.
Having internal security teams may not be feasible for all.
Architects typically put a 2nd factor of authentication in addition to passwords — but that comes at the cost of user experience.
We have been trying to figure out a way to solve this problem and we think we have a solution.
AuthMe — making human behaviour their password!
Passwords were meant for desktop era and need to be re-imagined given the advances in machine learning.
At AuthMe, we track how users behave with their smartphones and convert this behaviour in their passwords.
What is this behaviour?
- Typing speed
- Swiping speed
- Pressure put on touch screen
- Smartphone holding angle.
- Accelerometer and Gyrometer movements
We track a user on 15 such different behavioural traits, which are difficult to copy all at the same time.
How is this more secure than passwords?
The key to keep your password safe? Keep changing it continuously.
Making human behaviour your password solves this automatically, for behaviour keeps changing. (The way you swipe won’t be the same a month from now, trust me!)
Does this fit the regulatory requirements of 1st and 2nd factor of authentication?
Absolutely. Here’s the screenshot of our pattern lock.
We use pattern locks to fit the classic definition of auth: what you know (your pattern+subconscious behaviour) and what you have (your smartphone)
Want to try it out?
For smartphone users, have a look at our demo here.
Sign up with your email id and swipe the same pattern 6–7 times and you will start seeing a trust score like this:
Share the above screen with us by tweeting to our twitter handle and tell us what you think. We value your feedback and you might even get some swag from us! :P
If you want to integrate this technology, we have a super easy to integrate SDK available here.
Look forward to hearing from you!