Researchers at a top-level university are announcing a new password authentication system called “Good Enough.” As the name implies, the authentication system will grant access to resources when the user has shown sufficient effort in getting their password correct. This system is in response to user complaints that passwords are getting too complex and too difficult to remember and type out.
Dr. Wadspros, head of the Security Conformity department, described the new process as “rewarding.”
“When you have to log in to a computer, you are put under a lot of stress. Maybe you can’t remember your password well, or maybe your systems administrator only gives you three chances to get your password right. That is too much pressure for the average computer user.” Dr. Wadspros explained, “Successfully logging in is a relief. We want users to feel rewarded for their attempts, even though they might be unsuccessful.”
As described in the paper published last week, the authentication system will track failed login passwords and see how closely they compare to the actual password. If the attempts are calculated as “good enough”, using a proprietary algorithm, the user is granted access. An example in the paper illustrates a password of “Se5l*Mah”. If the user tries three successive attempts like “se5lmah”, “Se5*mah”, and “Ae5Meh”, the authentication system would determine that the user had a pretty good idea of what the password was, but just couldn’t remember it exactly. In such a case, the user would have given a “good enough” effort and would be authenticated.
Dr. Wadspros pointed out that this system is for a new generation of computer users who grew up hearing a mantra of “it just works.”
“Apple really set the bar when it comes to computer usage,” he said. “I hear so many users every day saying, Why is this so hard? My password is a word like monkey with a number and a capital in there somewhere. I don’t remember exactly what it is and I shouldn’t have to.” Wadspros concluded, “The users want the computer to remember what their password is for them. Isn’t that what they’re built for?”
The “Good Enough” authentication system is planned to be introduced in both upper-class boarding schools and rural public schools. The program’s success will be measured by the drop in IT requests for password resets. If the pilot program is successful, the system will be made available publically for public web site and corporate users.