Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pictorial Passwords

Posted by michael on from the no-pr0n-allowed dept.

Stone Rhino writes: "No longer do you need to remember passwords. Now, thanks to graduate students at Berkeley you merely need to pick out the right pieces of abstract art. There is a story on it at the New York Times. However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices." Maybe you have to get the sequence of images correct? If so there are some six million combinations, still weaker than a optimum password but probably stronger than the passwords most people choose (usually their significant other's name). There's another article on passwords in that same NYT edition.

4 of 331 comments (clear)

  1. If it can't KNOW who I am, it's still spoof-able by crovira · · Score: 5, Informative

    Passwords have never been more than a low level rung on the ladder of trust. If you want security, equip the ATM with a fingerprint pad and/or a camera and eye piece capable of taking retinal prints.

    The rest, as we can read, is just a bunch of jokes.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  2. Re:Jeebus! by Bonker · · Score: 5, Informative

    This is a fairly standard practice. It's been used in at least two IT offices I've worked in. It even makes handing out passwords during 'change day' easier, because all the networking and development staff have come to expect a neumonic rather than the password itself:

    "All Your Base Are Belong To Us!"

    becomes

    "aybab2u!"

    Another useful password naming procedure is the use of 'l33t speak' inside passwords... especially long ones. On systems that support passphrases or long passwords instead of 8 char strings, this makes creating and remembering passwords quite a bit easier.

    "My Password Rocks" is probably not so good, but

    "MyP455w0rdR0X0r5" is a 16 character password with 7 numbers, upper and lower case characters, and no long strings of plain english text to get chewed up in a dictionary attack.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  3. neat, but... by kevin+lyda · · Score: 5, Informative

    it's not new. i remember using an apple newton that had a picture based password option.

    --
    US Citizen living abroad? Register to vote!
  4. And here is the interesting URL by bodin · · Score: 5, Informative

    for the project itself

    http://www.sims.berkeley.edu/~rachna/dejavu/

    Which always seems to be missing.