Apple patent filing suggests new take on passwords

Patent filings published this week show that the technology firm is considering image and object-based passwords to make their mobile devices more secure and to make pass codes easier to remember but harder to hack.

The filing, dated August 2011 but first published this week, is a patent for "image-based authentication" and would require an iPhone or iPad user to identify an object or person on their lock screen in order to user their device.

In the filing, Apple explains that existing methods of device protection are too easily open to abuse. "For example, a thief sitting on a bus may notice the four characters that an unsuspecting person entered on the person's smart phone. As another example, a thief may pick up a tablet computer in a public place and discover, based on finger prints on the display of the tablet computer, which characters were recently selected by the owner of the tablet computer. As another example, a person sees a friend enter a password into the friend's laptop. Later, the person accesses the laptop and views all the web pages that the friend has visited in the last day."

To counter these risks, an Apple device would display an object, for example a car or a person from the user's address book, and the user would have to select the correct description of the object from a multiple-choice list. Only the true user would know the true answer. The image displayed would be different every time, ensuring a ‘unique authentication' every time the device is unlocked. As with password prompt questions on websites, the device owner would have to choose the images and answers when registering the device before use.

Passwords and secure identification methods are a hot trend in technology at the moment. As more and more elements of daily life, from banking, to storage, to email and social communication migrate to the web, the number of individual passwords that the average consumer needs is growing at an exponential rate. What's more, recent crime reports from London and New York highlight that smartphone and tablets, and, in particular Apple devices, are being targeted more and more by thieves, meaning that users have to take every possible step to secure potentially sensitive data that may be saved on their handsets.

In January, Google published a white paper that explored the possibility of replacing passwords altogether with a physical key that would plug into a device's USB port in order to provide authentication. "Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," wrote Google's Eric Grosse and Mayank Upadhyay in the paper. "We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," they continued.

Likewise, rumor has it that Apple is also experimenting with fingerprint recognition sensors in a bid to eliminate text-based passwords and authentication.

However, just because a patent or white paper has been published doesn't mean that the idea will find its way to market. For now consumers who may be worried about their accounts being hacked or about being able to remember upwards of 20 passwords could try one of a number of free and premium password ‘wallet' services, such as LastPass or 1Password. They generate totally random and incredibly difficult-to-crack passwords for each site and service a consumer uses. When a password is needed, be it for Twitter or Amazon or a bank account, the software automatically fills in the required fields, even the user doesn't know what the actual passwords are. All of the passwords are controlled in a virtual wallet to which there is one ‘master' password.