PUFFIN project researchers want users to login with their graphics cards

Imagine logging in to Facebook with hardware instead of relying on usernames and passwords!

If you’re tired of having to remember a bunch of different passwords for your Facebook profile, bank account, email and at least five other online accounts, then security researchers may have some good news! The same technology that lets users play Angry Birds in ultra high definition might be able to improve user authentication. And it’ll make logging in a little more convenient in the process.

Researchers are currently working on the “Physically unclonable functions found in standard PC components” (PUFFIN) project, according to Gizmag writer Darren Quick. The project is designed to build on layered security by utilizing the miniscule differences in graphics cards. Although the same brand and model looks identical to the naked eye, miniscule manufacturing differences do exist in video cards that can be identified by software. Security researchers plan to leverage those differences in order to create a new authentication system that would connect user accounts to specific hardware.

“With potential benefits including online user authentication, the ability to encrypt disks without the need for users to remember long passwords, and the ability to protect valuable electronic components against counterfeiting, the researchers are now looking for similar manufacturing differences in other hardware, including CPUs, PCI connectors and mobile phones,” Quick wrote.

It may seem like more of a headache for users who tend to access their accounts for many different devices, but it would be a lot more difficult for a cyber criminal from Russia to hack an account that uses hardware to authorize users. The technology is a little far off though, as researchers expect the PUFFIN project to run through 2015, according to Gizmag.

In the mean time…
There has been a significant amount of research going into better user authentication methods, including fingerprint scanning and voice recognition. As a quick Google search for “Siri blunders” reveals, voice technology has a way to go before users are likely to trust it as the guardian to their bank accounts. But that doesn’t mean they should rely entirely on the username/password system.

One of the current strategies for identifying authorized users is multi-factor authentication. Gmail offers the option of sending randomized codes to an individual’s cellphone each time he or she wants to access an account. As PC Pro recently pointed out, the system isn’t without flaws, but it’s another barrier between users and cyber criminals.

“Although such [two-step-authentication]-by-SMS systems are far from being without weakness, they undoubtedly add additional strength to the login process and as such should be considered a no-brainer,” the article stated.

Do you use two-factor authentication for any of your online accounts? Have you encountered any issues with it so far? Let us know in the comments section!

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.