FutureFive New Zealand - Consumer technology news & reviews from the future
'Hacker resistant' password authentication
Fri, 10th Jun 2011

In the wake of high-profile hacking and phishing cases, one British company thinks it has the answer to personal security on the web: a pattern-based authentication system, called Pin+, that creates one-off passwords.

Pin+ uses 'Matrix Pattern Authentication' technology to present users with a small set of squares, filled at each log-on with random numbers. Users would pre-determine the pattern of squares they would choose, keeping that consistent across all log-ons, and then enter the numbers from the corresponding squares.

In this way the password would change each time, theoretically meaning a hacker would need to know the user's chosen sequence of squares to crack the password.
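A minimal sketch of the log-on check described above, added here as an illustration; it is not Pin+ or Winfrasoft code. The 6x6 grid, the four-square pattern, the sample grids and all function names are assumptions, since the article gives no sizes or implementation details.

```python
import hmac
import secrets

ROWS, COLS = 6, 6    # assumed grid size; the article only says "a small set of squares"
PATTERN_LEN = 4      # assumed number of squares in the user's secret pattern

def new_grid(rows=ROWS, cols=COLS):
    """Fresh challenge for one log-on: every square gets an independent random digit."""
    return [[secrets.randbelow(10) for _ in range(cols)] for _ in range(rows)]

def code_for(grid, pattern):
    """Digits read from the grid in the order of the user's chosen squares."""
    return "".join(str(grid[r][c]) for r, c in pattern)

def verify(grid, pattern, submitted):
    """Server-side check against the grid issued for this log-on (constant-time compare)."""
    return hmac.compare_digest(code_for(grid, pattern), submitted)

def blind_guess_space(pattern_len=PATTERN_LEN):
    """Number of equally likely codes facing someone who does not know the pattern."""
    return 10 ** pattern_len

# Constructed sample data: an L-shaped pattern and two hand-written challenge grids.
PATTERN = [(0, 0), (1, 0), (2, 0), (2, 1)]
GRID_A = [[3, 1, 4, 1, 5, 9],
          [2, 6, 5, 3, 5, 8],
          [9, 7, 9, 3, 2, 3],
          [8, 4, 6, 2, 6, 4],
          [3, 3, 8, 3, 2, 7],
          [9, 5, 0, 2, 8, 8]]
GRID_B = [[2, 7, 1, 8, 2, 8],
          [1, 8, 2, 8, 4, 5],
          [9, 0, 4, 5, 2, 3],
          [5, 3, 6, 0, 2, 8],
          [7, 4, 7, 1, 3, 5],
          [2, 6, 6, 2, 4, 9]]

def demo():
    """Code for the first log-on, its acceptance, and its rejection at the next log-on."""
    code = code_for(GRID_A, PATTERN)
    return code, verify(GRID_A, PATTERN, code), verify(GRID_B, PATTERN, code)

if __name__ == "__main__":
    print(demo())
```

The same pattern yields a different code on each grid, so a code captured at one log-on is rejected at the next. The check only covers the code in transit; it assumes the device showing the grid is not itself observed.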

"Users can employ patterns or shapes to remind them which squares they've picked," explained Steve Hope of Pin+ technology partner Winfrasoft.

"In our humble opinion this technology which helps to resist hackers in many ways completes the development of the Web, which was never built for things like eCommerce or games playing on a massive scale," said Jonathan Craymer, Pin+ managing director. 

The company is offering an unlimited number of user licenses, at no cost, to online gaming companies in an effort to see the technology implemented in a widespread manner. The Pin+ website contains a corporate security section.

Certainly this seems like a clever way of keeping passwords safe, especially in light of recent high-profile breaches of user information at Sony, Citibank and others. But whether the 'hacker resistant' claim will stand the test of time remains to be seen.

Update: Ty Miller, CTO of 'white hat' security consultancy Pure Hacking, emailed TechDay about our story with the following:

"This type of security control is going to make a lot of attacks harder, such as brute force attacks against usernames and passwords; however, there are almost always going to be ways to break this type of software.

"For example, if your machine becomes compromised then the attacker can install keyloggers that take screenshots when you click or even video to capture the PIN digits that you are clicking on. This type of attack is known as 'man-in-the-browser'."

For now, at least, it seems that 'hacker-resistant' password authentication protocols are still out of reach.