The most intriguing presentation for me at this afternoon's Demo session was UsableLogin, a system that will allegedly let you use one easy-to-remember password at any site you have an account for and not suffer the dire consequences typically forecast for those of us too lazy to change our passwords.
The theory is this: You go to your bank's sign-in page and instead of the usual boxes, you're greeted by some version of the image below. (You choose the image you want, a bonus if, like me, you believe that kittens are for drowning.)
Usable remembers the account user name and you fill in a simple password like "Die Fluffy." The Usable system takes that simple phrase and transforms it into a super-secure password using data on your PC and data that resides on the Usable servers. According to Usable's press release: "Usable Security never stores or saves the person's codeword, and Web sites never see it." I don't understand how the system gets you into a Web site if the site never sees your password, but I'm willing to give them the benefit of the doubt.
According to Usable founder Rachna Dhamija even if someone steals your password, they won't be able to use it to access your accounts because they won't have the data from your machine that Usable uses to transform the password in the background. And the system lets you see from a dashboard when your accounts have been accessed and from what systems. If you stop using a PC, you can deauthorize it so that others won't be able to use it to get into your accounts.
I don't pretend to understand entirely how Usable's system works and it'll be early next year before Usable's available. But Dhamija is certainly right that the password system is broken now and UsableLogin looks like a good way to solve it.
