Is there any real solution to the nightmare of online password management in an era of increasingly clever hacks, scams, and identity theft? Cybersecurity engineers at Texas A&M University think so, and according to their recent findings published in IEEE Internet Computing, the answer is a sturdy, sophisticated “HIPPO.”
When creating a new password, security experts suggest generating one that is as long as possible, with a mixture of letters, numbers, and symbols. You technically should never repeat them across multiple websites, either. Of course, this is easier said than done, and it also creates one of the internet’s greatest ironies. The safest, most secure online passwords are generally the ones that are most difficult to remember.
Popular password vaults are designed to make digital life at least a little easier, but they have their own drawbacks and vulnerabilities. Data breaches can expose all of your stored account credentials at once, and forgetting a master password login frequently requires starting from scratch. Meanwhile, biometer login alternatives like face or fingerprint identification are nonstarters for especially privacy-minded people. All these frustrations often beg the question: what can anyone really do about it?
“For everyday users, one of the biggest pain points is when a website demands an updated password,” Nitish Saxena, aTexas A&M computer engineer, said in a statement. “That’s where a lot of people get fed up. You’re told to create something new, different, stronger, again and again.”
Over 10 years of investigating the problem and possible solutions has led to Hidden Password, Password manager Online (HIPPO).The browser extension combines the concept of a master password, with encryption and cryptography. But unlike traditional password vaults, HIPPO technically doesn’t store a library of login information.
“There’s something psychologically reassuring about knowing there isn’t a digital ‘safe’ full of your credentials somewhere,” said Saxena. “Even if you trust the vault, it’s still a single point of failure – it’s like putting all of your eggs in one basket. HIPPO avoids that problem completely.”
Here’s how it works: once a user creates a master password, HIPPO pairs it to a website while also generating a unique, random password tied to that same domain name. This newly created password is quickly discarded after the user logs in leaving no trace behind it. The process then repeats every time a domain asks for credentials again.
Early research indicates HIPPO shows promise. Saxena and colleagues tasked 25 study volunteers to conduct a series of everyday online tasks such as repeatedly logging into accounts and changing passwords. From there, the team asked them to continue performing the same activities while employing the HIPPO browser extension. In general, the study participants ranked the new tool higher than their own password managers while remaining easy to use.
“We went into this expecting a clear trade-off. More security usually means more hassle,” said Saxena. “What we saw instead is that people were actually happier once they stopped worrying about remembering or typing a complex password.”
HIPPO isn’t available publicly yet and Saxena’s team is still working on making the overall experience smoother and more automated. However, they plan to transition beyond the lab into everyday test cases in the near future. Like with any good login, the right combination of technology and creativity may unlock the digital door to an easier life online.
The post Promising browser extension wants to save you from password hell appeared first on Popular Science.
Promising browser extension wants to save you from password hell
previous post
