Password management: Facing the problem
Passfaces has a novel alternative to passwords
Security Strategies Alert
By M. E. Kabay, Network World, 10/11/2007
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
In my last two columns, I’ve been looking at the pervasive problems we have in the security field in overcoming natural human tendencies to misjudge
risk. In particular, I’ve pointed out that the well-known and documented tendency of normal people to write down passwords
is a consequence of deep-seated difficulties we face in our in-built abilities to interpret and manage risk.
When I was reconnecting recently with an old friend from my NCSA (National Computer Security Association) days in the 1990s,
I visited her employer’s Web site and found an interesting method for helping users avoid writing down their passwords (or
choosing bad ones or even sharing them casually): Passfaces.
This software allows users to pick out recognizable faces that will authenticate them to their systems. Perhaps the best introduction
is to look at the “Online User Manual” posted about the free “Passfaces Personal” product that anyone can download and try.
The basic idea is that the user sets up an array of photographs and enrols some familiar ones (the faces of people the user recognizes) as keys. At login the software displays a 3-by-3 grid of randomly selected faces that includes exactly one of the key pictures. The user picks out the familiar face and then repeats the exercise twice more, each time with a fresh set of eight strangers and one friend, to complete the authentication.
Versions are available for Windows, for Web-site access control and for financial applications.
Passfaces offers a number of useful case studies and good PDF brochures about its products. I especially liked their white paper on “The Science Behind Passfaces,” which explains how human beings are particularly good at recognizing faces; indeed, it seems that we have special circuits that have evolved for rapid and accurate perception of faces.
The paper cites the following as advantages of “using Passfaces over passwords” (quoting the list exactly):
* Can’t be written down or copied
* Can’t be given to another person
* Can’t be guessed
* Involve cognitive not memory skills
* Can be used as a single or part of a dual form of authentication
The system can be hardened further by setting parameters that make misuse of the faces more difficult. For example:
“In some high-security applications the grids of faces may be displayed only for a very short time. A half second is long
enough for practiced users to recognize their Passfaces. Combined with masking (faces in a grid are overwritten with a common
mask face) it is extremely difficult for “shoulder surfers” to learn the Passfaces as the user clicks on them. Users can also
be given the option to enter the grid position of each Passfaces on a keypad, rather than picking them out on the screen.”
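A simulation of the three-round grid challenge described above, including the keypad entry option the quoted passage mentions and the arithmetic behind the “can’t be guessed” claim. This is an added example and not Passfaces’ own code: the face names are constructed, and the mapping of grid cells onto numeric keypad keys is an assumption, since the page does not state it.

```python
import random
from fractions import Fraction

GRID_SIZE = 9   # one 3-by-3 grid of faces per round
ROUNDS = 3      # three grids per login, as the column describes
# Assumed keypad layout: grid cells in row-major order (top-left first)
# map onto numeric keypad keys 7 8 9 / 4 5 6 / 1 2 3.
KEYPAD = ("7", "8", "9", "4", "5", "6", "1", "2", "3")
KEY_FACES = ["friend_alice", "friend_bob", "friend_carol"]  # constructed: enrolled friends
STRANGERS = [f"stranger_{i:02d}" for i in range(40)]        # constructed: decoy pool

def make_challenge(key_faces, strangers, rng):
    """Build ROUNDS grids, each holding one key face among eight strangers."""
    if len(key_faces) < ROUNDS or len(strangers) < GRID_SIZE - 1:
        raise ValueError("not enough key faces or strangers to fill the grids")
    if set(key_faces) & set(strangers):
        raise ValueError("a key face must never double as a stranger")
    grids = []
    for key in rng.sample(key_faces, ROUNDS):   # a different friend each round
        grid = rng.sample(strangers, GRID_SIZE - 1) + [key]
        rng.shuffle(grid)                        # key face lands in a random cell
        grids.append(grid)
    return grids

def correct_response(grids, key_faces):
    """Keypad keys a legitimate user would press, one per round."""
    return "".join(KEYPAD[next(i for i, f in enumerate(g) if f in key_faces)]
                   for g in grids)

def verify(grids, key_faces, response):
    """Accept only if every round's key points at a key face; all rounds are
    checked before answering so a wrong early round leaks no partial result."""
    if len(response) != len(grids) or any(k not in KEYPAD for k in response):
        return False
    hits = [g[KEYPAD.index(k)] in key_faces for g, k in zip(grids, response)]
    return all(hits)

def random_guess_success(rounds=ROUNDS, grid_size=GRID_SIZE):
    """Chance a guesser who knows none of the faces passes: 1/9 per round, 1/729
    for three rounds. That is a far better per-attempt chance than a decent
    password gives, so attempt limits and lockout are what make the claim hold."""
    return Fraction(1, grid_size) ** rounds

def demo(seed=7):
    """Issue one challenge, answer it correctly, then shift every key by one cell."""
    rng = random.Random(seed)
    grids = make_challenge(KEY_FACES, STRANGERS, rng)
    good = correct_response(grids, KEY_FACES)
    bad = "".join(KEYPAD[(KEYPAD.index(k) + 1) % GRID_SIZE] for k in good)
    return verify(grids, KEY_FACES, good), verify(grids, KEY_FACES, bad)
```

Running `demo()` returns `(True, False)`; `float(random_guess_success())` is about 0.00137, which is why the product's value rests on the grid timing, masking and lockout policy rather than on the guess space alone.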
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.
Comments (5)
RE: Password management: Facing the problem
By Anonymous on October 11, 2007, 9:19 am
This method does not seem to cover the issue of shoulder surfing. Re: Password management: Facing the problem.
Good idea but a nightmare to implement
By Shasikanth on October 11, 2007, 10:21 am
We had once tried get our users to register 3 secret questions that we could to authenticate when requesting password changes and I remember what a nightmare it...
Wow! This is really great. I
By Eliza on October 15, 2007, 11:56 am
Wow! This is really great. I haven't heard until now about this method of authentication. I think it's really great and also it is more secure that other methods...
Passfaces and Shoulder Surfing
By Steve Morck on January 16, 2008, 11:13 am
Passfaces Personal users can utilize the numeric keyboard to select their faces rather than the mouse. If you’ll notice, the 3x3 grid maps nicely to a numeric keypad...
Re: Nightmare to implement
By Steve Morck on January 17, 2008, 11:23 am
I wanted to comment on the issue of implementation and user acceptance. First, I would agree that forcing users to choose 3 challenge questions was probably a difficult...