I read Nigel Stanley's article 'Are Tricerion revolutionising passwords? with interest. Here is a technology that is an improvement on the standard user id and password security.
The concern I always have with any new technology is that it may create a new barrier to accessibility. Given that Tricerion SafeLogin is based around identifying pictures I was immediately worried, how could a person with a vision impairment use the system?
To understand the detail of the solution you should read Nigel's article but I will describe the basic user interaction here:
- The user navigates to the log on screen which asks for the user id.
- Based on the user id the system replies with a 'keypad' with a picture on each key. The set of pictures is different for each user and the order is different each time the user logs on.
- The user then identifies the pictures in the order of his password.
This is a very attractive solution to many people without any major disability, it is easy to use and the passwords are easy to remember. Moreover it would seem to be an improvement for some disability groups. People with dyslexia often find recalling a string of letters in the right order difficult. Using a short story to recall the right pictures is likely to be much easier. Young children, people with learning disabilities and people who use a different alphabet will all find pictures easier. It is also possible that people with Alzheimer's will find picture stories easier to recall than traditional passwords.
Initially it looks as if the solution precludes its use by people who have limited or no vision, if they cannot see the pictures clearly how can they identify the right keys? Tricerion has created solutions for these people.
The key to the solutions is that the system sends a keypad based on the user id. This does not have to be a set of pictures it could be anything else. It can therefore be customised to be accessible to the particular user. It may be a small modification such as increasing the size or contrast of the keys to accommodate users with limited vision. It could be a set of sounds that are played to the user, the user then picks out the sounds of their password, or should I say pass-sounds. Tricerion have a prototype of pass-sounds technology working.
This still leaves a small group of users who are deaf-blind unsupported. It would appear to me that they could be supported by the system sending them a 'keypad' made up of a set of words that would be available on the Braille display. The user can then identify the correct words. This may not seem as secure as the picture keypad but as the number of deaf-blind users is small it is unlikely that the hackers will identify them or target them. It should be sufficiently strong to deter the casual user.
It certainly appears that SafeLogIn is potentially accessible to all and therefore it should be considered by anyone wishing to improve the security of their system.