Stronger protection for passwords

Wednesday, 06 July 2011 00:00

Hacking programmes use so-called brute-force attacks to try out all possible character combinations to guess passwords

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are intended as an additional safeguard the input of which originates from a human being and not from a machine. They pose a task which is simple for any human, but difficult for a programme. Users must enter a distorted text which is displayed on the screen, for example.

Researchers at the Max Planck Institute for the Physics of Complex Systems have developed password protection based on a combination of characters and a Captcha. They also use mathematical methods from the physics of critical phenomena to prevent access to the Captcha by computers.

“We thus make the password protection both more effective and simpler,” says Konstantin Kladko, who had the idea for this interdisciplinary approach during his time at the Dresden Max Planck Institute; he is currently at Axioma Research in the USA.

The researchers initially combine password and Captcha in a completely novel way. The Captcha is no longer generated anew each time in order to distinguish the human user from a computer on a case-by-case basis.

Rather, the physicists use the code word in the image, which can only be deciphered by humans as the real password. The researchers also encrypt this password using a combination of characters.