
Microsoft Passes on Passwords in Accessible Identity Tech Patent

Microsoft’s cybersecurity patent that uses secret handshakes walks a fine line between identity security and user privacy.


Microsoft is bringing identity authentication beyond the keyboard. 

The tech firm filed a patent application for “sequence-based” authentication using “rhythm and/or poses.” To put it simply, Microsoft’s tech would use what amounts to a secret handshake that allows its users access to its systems. 

When a user requests log-in access to a system, Microsoft’s tech would ask the user for a “user-defined secret,” or a visual or audible sequence that’s used in place of a typical password, passphrase or PIN. This sequence can be a number of things, including a sequence of shapes, a rhythmic string of sounds, or several visual gestures. 

For example, the system may require a user to “speak, sing, clap or tap” a series of rhythmic sounds. It may also ask the user for single-hand or double-hand pose sequences, as well as a “full-body pose,” in which “an entirety of a user’s body is configured to form a shape.” 

The system then compares the user’s performance of these gestures or noises to what they defined as their sequence. Microsoft notes that this tech may use machine learning, such as with a neural network, to analyze and compare the user’s input to their secret sequences.

Microsoft noted that conventional authentication techniques don’t provide as much security, and passwords and PINs may be difficult for younger users in particular to remember. 

A system requiring the user to flash a complex series of gestures may seem like it’s meant for high-security situations, such as access to sensitive or confidential systems. However, this tech seems more likely to target those in need of accessibility features, said Patrick Harding, chief product architect at Ping Identity.

“The security and identity industry has landed on authentication mechanisms where everybody should be able to hear and speak English, be able to type on a keyboard, or be able to write things or read things or hear things,” said Harding. “I think the primary focus of the patent is individuals who can’t necessarily use a keyboard, or remember a PIN or a password.” 

Microsoft’s tech could be helpful specifically in constrained devices, said Harding, such as televisions or gaming consoles (like the Microsoft-owned Xbox). For example, if a younger or older user can’t remember a password, they may more easily remember a pattern or hand symbol to mime with their remote or controller, he said.

This method of authentication also walks a fine line between increased security and user privacy: While a handshake or phrase that’s secret between you and your device can be more secure than a PIN, this tech stops short of full-on biometric authentication.

This tech is helpful for lower-level security situations where biometrics may not be necessary, said Harding. While biometric authentication is often more secure, it presents its own security risks when users’ data is stored server-side, or not on the device itself, he said. 

“You could address that whole market through biometrics, but it’s overkill,” said Harding. “They’re coming up with a lighter-weight alternative that’s good enough for the situations that this will probably be tied to.”