A system that does not require users to create and remember strong passwords

Called ActivPass, the system consists in collecting daily activity logs from multiple resources and creating a password, which is the reply to a security question.

The information can be gathered from activity on social media websites, call or SMS logs, web browsing. The idea is to rely on actions that are not frequent or predictable.

One example provided by the researchers was to give the name of the sender of the first SMS received in the morning, which should be memorable and unpredictable in most cases.

The ActivPass experiment was conducted on 70 individuals and the results showed that 95% of them could answer such question. In 5.5% of the cases, though, the impostors were able to authenticate to a given service.

ictnews.az