I don't believe that our current security paradigms really line up with the possibilities that new technologies offer.  I find password systems quaint, by and large, I think password generators are an amusing novelty and rather secure but generally a waste of time in that making a typo or missing a password turnover can slow down an authentication to the point that I can't recommend such systems for general use in time-critical environments, and I fear that biometrics as we use them will continue to lead to kidnappings and mutilations (Kent, 2005).  I do think that biometrics like voiceprints may be safer for the user and that password generators might be more convenient as they are integrated with smartcards and/or such interfaces as USB, encrypted WiFi or FireWire but I wonder why we aren't leveraging such technologies as fMRI (functional Magnetic Resonance Imaging), EEG (ElectroEncephaloGraphy) or neural plugs more effectively.  It seems pretty clear that passwords are not an entirely effective nor efficient authentication method as currently implemented; as Wang (2009) points out, they “are not generally secure against dictionary attacks” and as Anderson says (2008, P54) “password entry is often poorly protected”.  So, adding this to Abie's list (2006) of “Shoulder surfing, User has written down password, Sniffing of communication channels, Social engineering attacks, Deliberate release password sharing, Password sniffing on machine” and “Password guessing”, it seems obvious we should be more rigorously exploring alternatives. It is simply not easy to use an electronic screen and keyboard for authorization in a way that prevents the possibility of eavesdropping.  Therefore I propose an authentication method that, while certainly related to passwords as we know them, is subject to entirely different attack vectors and represents somewhat novel risks.

Voice-printing offers most of the biometric guarantees of uniqueness and non-repudiation while remaining fairly convenient.  It is also fairly non-intrusive.  Neural imaging, on the other hand, remains so to some degree.  However, EEG is making some headway against direct neural interfaces (Fitzpatrick, 2006).  Therefore I'd propose a system where the user either plugs in to a BrainGate (n.d.) style interface or puts on an EEG cap and speaks one preconfigured passphrase while thinking about some sort of captcha-like output from the computer's visual interface.  By using such a passphrase we will both cut down on the size of the database necessary for its storage, thereby improving performance, and improve the odds of an acceptable match in the face of such factors as environmental noise and illness, fatigue or other voice-print altering possibilities.  By leveraging a direct or electrical brain interface we can guarantee a level of privacy greater than a keyboard while at the same time, by using the captcha concept, ensuring that something temporally unique is being engaged in the process thereby reducing the possibilities of replay and such attacks.


Abie, H. (2006) Different Ways to Authenticate Users with the Pros and Cons of Each Method [Online].  Available from: http://publications.nr.no/Authentication_atFHI.pdf (Accessed: 13 March, 2011)


Braingate (n.d.) Turning Thoughts Into Action [Online].  Available from: http://cyberkinetics.com/ (Accessed: 13 March, 2011)


Fitzpatrick (2006) Teenager moves video icons just by imagination [Online].  Available from: http://news.wustl.edu/news/Pages/7800.aspx (Accessed: 13 March, 2011)


Kent, J. (2005) Malaysia car thieves steal finger [Online].  Available from: http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm (Accessed: 13 March, 2011)


Wang, Y. (2009) Laureate Online Education Information Security Engineering Seminar for Week 2 [Online].  Available from: https://elearning.uol.ohecampus.com/bbcswebdav/xid-66215_4 (Accessed: 10 March, 2011)