Forget your password again? This system turns the problem about-face.
- By Marc Barrera
- Sep 01, 2006
THE Internet can make many aspects of life easier, such as managing
inventory, safety compliance, and worker's compensation claims; but the
prospect of remembering more passwords isn't one of them.
Tom Hagan, executive vice president and CIO of ParadigmHealth Inc.,
a New Jersey-based health care management company that provides online
information access to both patients and physicians, said his company
has been forced to deal with the task of increasing security of online
data while easing access to its users. "Millions of people are
accessing personal health records and you need to put very strong
authentication in front of those applications." But with anything
involving e-commerce and consumers, the challenge is having very high
security requirements, he added.
The large number of online users increases the probability that
alpha/numeric passwords will be forgotten or misplaced when needed.
This possibility requires ParadigmHealth to invest countless time and
money in a support hotline and other backup options that provide
customer support. These added costs are ultimately passed on to
customers. "It becomes very difficult to support. When people forget
their passwords, they need a place to call," Hagan said.
The answer for ParadigmHealth came in the form of the
Maryland-based Passfaces Corp. Using the brain's unique ability to
recognize faces, a trait it is believed humans evolved in order to
separate friend from foe, the passfaces™ software replaces traditional
alpha/numeric passwords with a set of three to seven faces, each
separately placed within a grid of nine faces, similar to the
arrangement that began every episode of "The Brady Bunch" television
show. Users identify the correct face in each series of screens in
order to gain access. But how can one be certain that a person will
recognize up to seven faces easier than remembering one password?
Research conducted by Professor Hadyn Ellis at the University of
Wales Cardiff's School of Psychology has indicated that the left side
of the brain has a special component whose sole function is to
recognize faces. This innate ability allows infants to recognize their
mother after only two days and adults to know within twenty-thousandths
of a second when they have seen a familiar face.
Patricia Lareau, Passfaces vice president of product development,
compares remembering alpha/numeric passwords versus passfaces to early
school days when students hoped their test was multiple choice rather
than fill-in-the-blank. "You remember when you were back in school,
someone would ask you a question and you had to fill in the blank;
that's a kind of a cued recall, and we hated those kinds of tests," she
said. "And then there's recognition, where you would be given choices,
and you'd recognize one of them. Recognition is by far the strongest
form of memory and, because there's a part of the brain that focuses on
faces, the recognition of faces is even more special."
Increased Security, Increased Ease
Hagan noted that other than easing the memorization process,
the technology heightens security access by eliminating the ability to
write down a password, give it to another person, or guess it. "If you
make a password highly memorable, it becomes less secure. Passfaces
works in the exact opposite way; it drives up security but makes it a
lot easier to remember," he said, emphasizing that he particularly
liked how the system prevents clients from passing access information
to others. "You can't say, 'Oh, it's the person that looks like this
and the person that looks like that.'"
Other steps have been taken to help the users make permanent
associations with their selected passfaces. All faces are smiling
because people are more likely to recognize a definite expression
rather than a neutral look, and people prefer happy faces to sad or
menacing ones. Another important factor is context. Adults tend to more
easily recognize people whom they perceive as important to them. The
importances of a user's passfaces are implied because they will always
be used in the context of gaining access to a secure Web site or
system. Also, the eight other decoys grouped with each passface will
never change. This reinforces Semantic Priming, which occurs when the
user's brain forms relationships with the correct passface and its
decoys. If a user insists on a traditional alpha/numeric password,
passfaces can be combined with one as part of a dual form of
Lareau said Passfaces' greatest strength is in its universal fit for
Web-access applications. For example, if a company wants to restrict
online access of employee information or access to online MSDSs for a
particular plant thousands of miles away, rather than carrying a long
list of passwords for each application, users would only need to
remember one set of passfaces. As an example, Lareau mentioned one
client company that allowed an employee to use passfaces instead of its
traditional access items. Now, three years later, 95 percent of the
client's employees use passfaces instead, and none have forgotten them.
Passfaces also has possibilities for applications beyond Web-access.
Lareau cited the example of one client company that considered using
passfaces with its fleet of forklifts. "It was more so they could have
access right on the forklift," she said. "Workers would use passfaces
to access their databases for the location of stuff in their warehouse."
One drawback to passfaces technology involves the affected few
that can't use it. Researchers differ greatly on the subject of
prosopagnosia, or face-blindness, with the most extreme group believing
that to some degree it affects as much two percent of the population.
Yet, even this large estimate pales in comparison to the five percent
of the population that suffer from dyscalculia, a sort of "number
blindness." Some research suggests prosopagnosia is genetically
inherited, while other research shows that it can occur as the result
of suffering severe head trauma. Regardless of the cause or the extent
of its proliferation, those affected are unable to recognize faces,
even those of family members or their own. To work around this
disorder, victims learn to identify acquaintances through other means,
such as the sound of a person's voice or laugh, or a person's gait. In
this instance, those affected would be forced to use traditional
password methods or rely on a trusted colleague or family member when
securing important information.
As industry continues to integrate with an increasingly wireless
Internet, the need for a method to access these applications that is
secure, easy to remember, and easy to use will grow. Passfaces is
positioned, quite literally, to face these requirements head-on.
"Internet access to Web applications has been the number one place for
passfaces," said Lareau. "Regardless of what particular application it
is, whether it's financial services or a health care portal like
ParadigmHealth is doing, anyplace where you have multiple people coming
from multiple places to access data, passfaces is a perfect
This column appeared in the September 2006 issue of Occupational Health & Safety.
This article originally appeared in the September 2006 issue of Occupational Health & Safety.