Achy Breaky Password?

That’s right. Billy Ray Cyrus’ infamous song might soon become someone’s password. Perish the thought.

This is part of a research effort to solve a familiar problem: people, by nature, choose poor passwords and have difficulty remembering good or randomly generated ones.

Passwords are part of a security system that relies on 1 of 3 things:

  • Something you have. (Think something like a physical key or keycard)
  • Something you are. (Think your fingerprint, or your iris)
  • Something you know. (This is where your password fits in. It’s “safe” because it should exist only in your brain.)

The proposed solution is to use a song, image, or other type of digital content as the seed of a cryptographic formula. Insert the digital content, apply the proposed hash function, and out pops a password. Granted, you’ll probably have to browse around to find the file each time you need the password, and it doesn’t necessarily solve the problem of things on the Internet getting deleted, but it’s still very interesting stuff.

I haven’t read the entire paper, found here, but one begins to wonder about ways to defeat the method/mechanism… such as learning what song/image someone has used in attempts to gain access as them, or if this is vulnerable to a man-in-the-middle attack since it depends on something you have for a seed.

