Researchers create a new safer and enjoyable authentication method that aims to replace passwords
Researchers at Ģֱ have been working on a two-year research-to-business project funded by Business Finland, to develop a new multifactor authentication (MFA) solution that would solve password related usability and security problems.
The project, known as SAFE, is now at the finish line, and the team has a functional proof of concept called SalaLogin in their hands.
“In today’s world passwords are the most used authentication method, but they have a lot of problems in both usability and security. Our goal was to create a more secure and easy-to-use method that has the potential to replace the use of passwords altogether”, says Naomi Woods, the leading researcher in SAFE project.
Since the COVID pandemic the number of passwords has increased significantly, rising to an average 168 passwords per internet user in 2024.
The large number of passwords per user contributes to risky security behaviour, such as using weak passwords and reusing the same passwords for multiple accounts.
"This results in countless security breaches and financial losses yearly. And this is something that we want to fight against,” Woods says.
It is even estimated that more than 80% of security breaches are caused by weak or reused passwords.
The MFA solution is based on user psychology and designed to be stress-free, fun to use, and inclusive
The method developed by researchers, called Salalogin, aims to replace traditional passwords with a trusted device, biometrics, and something that the team calls Clues and Secrets.
The idea is that users can use the same solution with multiple digital accounts both in their personal and work life, thus making remembering and reusing multiple passwords redundant.
"By creating clues and secrets when registering a SalaLogin account, users do not have to go through the laborious task of creating a password every time they want to start a new online service. Users would only ever have to do this task once, and then only have to use six secret codes for the rest of their lives," Woods explains.
When users want to log into an account, they first enter their email, then use biometrics to identify themselves with their device and finally enter the correct secret code in response to one of the six clues presented on their device.
“During user testing, many participants reported that they were expecting to forget their secret codes but were surprised how easy it was to remember them once they saw the clue. Plus, many found it fun-to-use,” Woods says.
The method has been developed based not only on cyber security but also on user psychology. The team says that the process has been tested and shows to be less stressful than using traditional passwords, while simultaneously generating positive emotions by triggering memories of cherished experiences.
“Furthermore, SalaLogin has been developed in such a way that it can be adapted to meet high-level security requirements in say, organizations that have complex authentication needs,” Woods says.
The work continues with a new start-up company
The two-year long project not only delivered academic publications and a proof of concept but has also led to establishing a new start-up business called Sala Secure Ltd.
“Sala Secure is a user-centric company, with inclusivity and privacy at our core. We are privacy-minded, collecting a minimal amount of data from our users, with the aim to ensure both the privacy of our users and the security of our organizational customers. Furthermore, our solution can be adapted for different users, such as those with different disabilities or the elderly, without compromising the security of the solution. This makes SalaLogin one of the first inclusive authentication solutions,” Woods proudly states.
Woods says that the team’s next steps are securing financing and developing a commercially viable product of SalaLogin to enter the market with.
"We hope to establish Sala Secure Oy as a leader in inclusive, user-friendly, cybersecurity," Woods concludes.
