Woo, lots of information. First of all, I’d like to thank you for your “frankness” in pointing out a lot of “obvious” weak spots in my post. I never realized that readers might not like that; I guess I got past the “skin”, but to others, what they see is the “skin”!
You are like a mirror, I see my reflection through you, THANK YOU VERY MUCH !
Although I’ve been in software development for many years, since I’m not in this field [ password security ], I don’t have that knowledge. I got into this area 5 years ago after watching a PBS show called “Rise of the Hackers”, which pointed out that passwords are a weak link in cybersecurity, and it bothers me that nowadays there are so many requirements for passwords: lowercase, uppercase, numbers and special characters, at least 8 digits long, change every 2 or 3 months. Who can remember that with so many accounts? I can’t!
Because I’m a person who likes to solve problems, I thought maybe I could do something about this and fix the password problem. So I looked at it and realized the root cause of the problem is the obviousness of the password authentication process: if your password is “123”, when you enter it, you do it one digit at a time, “1”, “2”, “3”, and if this process is intercepted by a hacker [ peeking over the shoulder, keylogging or video recording ], he can steal it right away. So I thought maybe we should hide the pins among other symbols, so that when the user enters them as a group of symbols, the password won’t stand out and won’t be obvious, something like this: “a1#~”, “y2+/”, “&3%$”, 3 tokens, each with 4 symbols, with the user’s pins mixed in with other symbols.
Yes it’s not obvious for sure, but what a hassle, too much trouble, right ?
So why not let the server generate those groups of symbols [ tokens ], and present them to the user on the screen and let user select which token to enter for each pin in his password, then the idea was born.
But then I realized that if I’m a hacker trying to steal a user’s password/passcode, I can record his login sessions and do a comparison, then figure out which one is the first pin, which one is the 2nd pin, and so on. Like the following, assuming I intercepted the user’s login 3 times:
[1] 1st time: “a1#~”, “y2+/”, “&3%$” [ Don’t know which could be user pins ]
[2] 2nd time: “v1%!”, “p2/+”, “=3^$” [ 1st pin is “1”, 2nd could be “2”, “/”, “+”, 3rd could be “3”, “$” ]
[3] 3rd time: “h1$!”, “x2=%”, “&3*?” [ 1st pin is “1”, 2nd is “2”, 3rd is “3” ]
The 1st time I don’t know; the 2nd time I can figure out that the 1st pin must be “1”; the 3rd time I’ll know the whole password is “123”.
Therefore I came up with a way to hide some pins, and this would make the hacker’s guesswork MUCH HARDER, because some user pins could be missing each time, and when a pin is missing, the user can and must use a wildcard in place of that pin. Therefore the user can still authenticate [ the server knows which pin is intentionally missing because the tokens are generated by the server ], but the hacker won’t know when/where a user pin is missing in each login session; it changes every time.
Then I came up with an easy to remember name for this process : GATE : Graphic Access Tabular Entry.
The rest is history … I implemented it in Java, and now there are 3 free demo versions. Also, based on the GATE system, I came up with a data encryption method, and got 2 patents for them.
Well, back to what you were saying … what is “FATE”? I looked it up and couldn’t find what it means. You seem to know the field quite well; do you see a potential for the GATE system?!
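The cross-session comparison described in the post above (an observer intersecting the symbols of the tokens chosen at each pin position) is easy to make concrete. The following is an added example written for this thread, not code from the poster’s GATE implementation or demos. It reproduces the three intercepted sessions exactly as listed in the post, runs the per-position intersection, and then adds a small constructed simulation of the wildcard idea (a hidden pin is entered as `*`, which the observer skips for that position). The token length, the filler alphabet, the `*` wildcard symbol and the hide probability are assumptions for the simulation, not details from the post.

```python
import random
from functools import reduce

WILDCARD = "*"  # assumed symbol the user enters when the server hid a pin

# The three login sessions exactly as listed in the post; each entry is the
# 4-symbol token the user selected for that pin position.
SESSIONS_FROM_POST = [
    ["a1#~", "y2+/", "&3%$"],
    ["v1%!", "p2/+", "=3^$"],
    ["h1$!", "x2=%", "&3*?"],
]


def candidates_per_position(sessions, wildcard=WILDCARD):
    """For each pin position, intersect the symbol sets of every token an
    observer saw there. A wildcard entry carries no information about the
    pin, so it is skipped; a position that was wildcard in every session
    yields None (no evidence at all)."""
    positions = len(sessions[0])
    result = []
    for i in range(positions):
        seen = [set(s[i]) for s in sessions if s[i] != wildcard]
        result.append(reduce(set.intersection, seen) if seen else None)
    return result


def is_fully_recovered(candidates):
    """True once every position has exactly one candidate symbol left."""
    return all(c is not None and len(c) == 1 for c in candidates)


# Constructed simulation of the server side: tokens are the real pin symbol
# plus random fillers, and each pin is independently hidden with hide_prob.
FILLERS = "abcdefghijklmnopqrstuvwxyz!#$%&*+/=?^~"
TOKEN_LEN = 4


def generate_session(pin, rng, hide_prob=0.0, wildcard=WILDCARD):
    """Generate one login session: per position, either a token containing the
    pin symbol among fillers, or the wildcard if the server hid that pin."""
    session = []
    for symbol in pin:
        if rng.random() < hide_prob:
            session.append(wildcard)
            continue
        pool = [f for f in FILLERS if f != symbol]
        token = rng.sample(pool, TOKEN_LEN - 1) + [symbol]
        rng.shuffle(token)
        session.append("".join(token))
    return session


def sessions_until_recovered(pin, rng, hide_prob=0.0, max_sessions=200):
    """Observe generated sessions one at a time and return how many were
    needed before the intersection pins down every position (or
    max_sessions if it never did within the budget)."""
    observed = []
    for n in range(1, max_sessions + 1):
        observed.append(generate_session(pin, rng, hide_prob))
        if is_fully_recovered(candidates_per_position(observed)):
            return n
    return max_sessions


if __name__ == "__main__":
    for k in range(1, 4):
        print(f"after session {k}:", candidates_per_position(SESSIONS_FROM_POST[:k]))
    rng = random.Random(1)
    for p in (0.0, 0.3, 0.6):
        print(f"hide_prob={p}: sessions needed = {sessions_until_recovered('123', rng, p)}")
```

Run on the post’s own three sessions, the candidate sets shrink to {1}, {2, /, +}, {3, $} after the second login and to {1}, {2}, {3} after the third, which is the same deduction the post walks through. The simulation part shows what the wildcard changes: a hidden position contributes nothing to that session’s intersection, so the observer needs more sessions, but any position that is eventually shown unhidden still narrows with each such observation.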