Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pictorial Passwords

Posted by michael on from the no-pr0n-allowed dept.

Stone Rhino writes: "No longer do you need to remember passwords. Now, thanks to graduate students at Berkeley you merely need to pick out the right pieces of abstract art. There is a story on it at the New York Times. However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices." Maybe you have to get the sequence of images correct? If so there are some six million combinations, still weaker than a optimum password but probably stronger than the passwords most people choose (usually their significant other's name). There's another article on passwords in that same NYT edition.

4 of 331 comments (clear)

  1. ATMs by davidesh · · Score: 5, Insightful

    Looks like they are planning on using it for ATM Machine's which only have 4 digit numbers... seems like a better idea to me.

    1. Re:ATMs by webword · · Score: 5, Insightful

      ATM security is based on more than your PIN number. It has two foundations: PIN number and the card. Therefore, you need to have the card (physical media) and the PIN number.

      If you consider that a person would first need to steal your card and then figure out your PIN number, it becomes apparent that increasing the difficulty of the password is foolish. If your card is lost or stolen, you report it and you save yourself some pain. If your card is lost or stolen, you have a pretty reasonable barrier because the card is physical and needs to be taken to an ATM. Then, even if the card is used immediately, the thief needs to sift through 9999 combinations.

      Security is not meant to lock you in. It is meant to keep other people out. When you think about that, you'll see that you often just want very good security with excellent convenience. That is, you want optimum security, not maximum security. You do not really want maximum security because that would drammatically decrease convenience. For example, if you really wanted maximum security of your funds, you would put them in the bank physically and you would pull them out physically. You would not even use an ATM because the security is not maximum.

      ATMs are convenient and the security is reasonable. Most people can remember their cards and their 4-digit codes. If you start trying to increase the security, you are in for trouble in my opinion. If you really wanted to increase ATM security, forget about pictures. Instead, look into biometrics, which are much more reasonable.

      --
      How to Download YouTube Videos
  2. Jeebus! by mrfiddlehead · · Score: 5, Insightful
    Why is this still an issue? Pick a phrase, stick a couple of numbers in it, perhaps a 'special character' or two and go.

    "Galadriel is one icy babe but Jackson got it right"

    Password: gi1ibbJgir

    And I'm sure this approach is nothing new to most /.'ers. And the cool thing is that just a couple of words from the password, say Galadriel and babe, is enough to bring the bloody password back long after one's finished with it.

    Feh!

    --
    :wq
  3. Color blind by Eimi+Metamorphoumai · · Score: 5, Insightful

    Seems like you'd have to be really careful not to exclude the color blind. And the actually blind. Or just those with bad vision, or really poor visual memories.

    --

    Visit me on #weirdness on the Galaxynet.