Asking questions about smartphone use for logins may stop Netflix password sharing

By Jason Hahn Published May 4, 2015

A password screen with an indecipherable password inputted. — Image used with permission by copyright holder

Who was the first person to text you this morning? What song did you listen to during dinner last night? Which of the following news sites did you not browse this morning? These types of questions could act as superior forms of user authentication to the traditional passwords people use today when they log in to apps and websites, according to five researchers.

In a paper titled “ActivPass: Your Daily Activity is Your Password,” a group of researchers located in universities in Texas, Illinois, and India lay out a novel approach to improving the security of login activity. The main thrust of ActivPass is to observe a user’s recent Facebook, browser, phone, and SMS activities and ask them questions based on those activities, which in an ideal world only the users themselves would be able to answer. For example, “From whom did you get your first call this morning?” could be a question posed to a user when they try logging in to a website.

Recommended Videos

The ActivPass project aims to address areas where traditional passwords are failing, including the increasing burden on users to remember a growing number of passwords (or to ease that burden by choosing common passwords that diminish security), sharing of passwords for cloud-based services like Netflix, and the increasing vulnerability of passwords being stolen.

Please enable Javascript to view this content

Users would be able to configure the system to determine how many questions must be answered for successful authentication, whether multiple-choice questions can be asked, and permissions to activity logs.

After an experiment involving 70 participants and their smartphone activity logs (tracked with an app), the researchers say their end-to-end ActivPass system was successful (i.e., authenticated legitimate users) 95 percent of the time. However, it was also compromised (i.e., authenticated impostors) 5.5 percent of the time.

“While this level of security is obviously inadequate for serious authentication systems, certain practices such as password sharing can immediately be thwarted from the dynamic nature of passwords,” according to the paper. While someone may be willing to share a password for their Netflix account with a friend, they may not be as willing to share their personal activities.

The researchers are speaking with companies like Yahoo and Intel to gauge how useful this approach to passwords could be for enterprise users and what could be done to make it work, said Romit Roy Choudhury, an associate professor at University of Illinois at Urbana-Champaign and a co-author of the paper, in an interview with MIT Technology Review.

[Image courtesy of scyther5/Shutterstock]

Topics

Former Digital Trends Contributor

Jason Hahn is a part-time freelance writer based in New Jersey. He earned his master's degree in journalism at Northwestern…

Mobile

I tracked my sleep with a smart display, ring, and watch. This is my favorite

The Oura Ring app on an iPhone 16 Pro Max, showing the Sleep screen.

Since I had a heart attack four years ago, I’ve been on a journey to understand my health. A crucial part of my recovery and focus has been my sleep, and it'smade even more important by the fact that my heart attack took place in the middle of the night while I was fast asleep. Thankfully, I woke up, but our sleep can tell us a lot about our underlying health.

Virtually every wearable now offers some form of sleep tracking, but like most things in technology, not all devices are created equal. Beyond just data, there’s also the question of which is most comfortable to track your sleep, which device gives you the most reliable data, and ultimately, how you can ensure you track your sleep wherever you are.

Mobile

How to transfer your books from Goodreads to StoryGraph

Front page of a book on Onyx BOOX Go 10.3 tablet.

Goodreads has been the only game in town for Android and iOS book-tracking for a long time now, and like most monopolies, it has grown old and fat. Acquired by Amazon in 2013, avid book readers have had lots to complain about in recent years, with the service languishing unloved, with no serious updates and an aging interface. It's been due some serious competition for a long time, and lo and behold, some has arrived. StoryGraph is a book-tracking app that offers everything you'll find on Goodreads but with an algorithm that lets you know about what you might love, and adds features any bibliophile will know are essential — like a Did Not Finish list.

Mobile

The next iOS 18 update is on its way. Here’s what we know

The iPhone 16 sitting on top of orange mums.

When iOS 18.2 released just over a week ago, it unlocked a lot of long-awaited features like Image Playground, Visual Intelligence, and improvements to writing tools. Now, it seems like another update could be just around the corner: version 18.2.1.

MacRumors found evidence of the update in their analytic logs, a source that has supposedly revealed quite a few iOS versions before release. Given that this is a minor update, it isn't likely to come with new features or anything groundbreaking. Instead, it will most likely be targeted at bug fixes, although no specific problems have been named. You should expect this update to drop either in late December or early January, but a year-end release is more likely.