Slashdot Mirror
Pictorial Passwords
Stone Rhino writes: "No longer do you need to remember passwords. Now, thanks to graduate students at Berkeley you merely need to pick out the right pieces of abstract art. There is a story on it at the New York Times. However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices." Maybe you have to get the sequence of images correct? If so there are some six million combinations, still weaker than a optimum password but probably stronger than the passwords most people choose (usually their significant other's name). There's another article on passwords in that same NYT edition.
Looks like they are planning on using it for ATM Machine's which only have 4 digit numbers... seems like a better idea to me.
Sure, why not? At least one penguin would be in any Linux user ;)
> than the passwords most people choose (usually
> their significant other's name)
So does this mean that the harder a person's password is to crack, the less likely they are to have a sex life?
Customer's have enough trouble understanding "click the button with the X in the upper right corner".
I wouldn't know where to begin trying to describe what pictures to use for their password... "Ok, now choose the picture that looks like a moose being sucked into a vortex".
First Link: http://college.nytimes.com/2001/12/27/technology/c ircuits/27PBOX.html
c ircuits/27PASS.html
Second Link: http://college.nytimes.com/2001/12/27/technology/
Then all the better reason to be interested in an article about easy-to-remeber passwords. :)
Adversive
My cat's breath smells like cat food.
Here is a link that works
The Link
er, and if that doesn't, simply take the linked url in the sotry and replace www.nytimes.com with archive.nytimes.com
"Galadriel is one icy babe but Jackson got it right"
Password: gi1ibbJgir
And I'm sure this approach is nothing new to most /.'ers. And the cool thing is that just a couple of words from the password, say Galadriel and babe, is enough to bring the bloody password back long after one's finished with it.
Feh!
:wq
A year or so ago, I found this little beauty: PassFace Technology -- Give it a try. You click on people's faces to get in.
What was interesting was that in finding that URL, I went back to the site for the first time in over a year, and was able to log-in no problem. I remembered my combination of faces.
There's definitely something to this technology!
rOD.
Rod Begbie done this, and he's not
Remembering passwords can be tough, granted, but I don't think pictures are the answer either. If you only had one or two "passwords" (Picwords? Passpics?) to worry about, but more than that, you'll just start to confuse pictures from one set to another.
Also, what about the disabled? It would seem like a no-brainer to offer vision-impaired an alternative, text-based password, but if your rolling this out large scale (like ATM's or something), you might be looking at a number in the thousands of customers who can't use your picture-password system. Major admin headaches.
It hurts when I pee.
"Even high-ranking executives may act on naïve impulses when it comes to choosing a password"
Even high-ranking executives? Make that especially.
RealUser has done almost exactly the same thing, except using faces, not abstract designs. It's worth checking out their site, since they seem to have thought it through reasonably well. (Read the whitepapers; they have the real meat...) One of the interesting things about these systems is that since you can't describe your password, the correct choices have to be displayed on screen along with some invalid choices, which opens up the system to some attacks unless you construct it very carefully.
The latest PocketPC OS have a nice way of avoiding bruteforcing of four-digit passcodes. There is simply a growing delay between each time you can enter a new passcode after entering a wrong one, so that after entering the wrong passcode seven times or so, there is an almost ten second wait before you enter in a new passcode.
:)
Wouldn't this be a good way to avoide bruteforcing of these pictorial passwords?
Have you seen Safe House film? http://us.imdb.com/Title?0120051
There's a intesting way to draw passwords.
I've found that most of the people I know tend to use the same password or pin for everything they have - their e-mail password is the same as their AOL password is the same as their bank PIN and so on.
Using pictures would make this all but impossible, since every provider would (or at least, SHOULD) be using their own set of pictures.
While that's all good for security, I can't believe that it would make remembering your password any easier. Since the story is touting that as the chief benefit, I think they're going to have a really hard sell.
What's your damage, Heather?
Can you imagine having an emergency in our future-tech age?
"No Bill, it's Black Guy, Asian Guy, Samoan Woman, Black Guy with the scar, White Guy with glasses! Hurry up before the Holodeck explodes!"
------
Today's Top Deals
The point being of course, that for a password to be easy to remember, it does not have to be a literal word. It can be based on some other factor that is easily memorized, not based on words at all.
"It is a greater offense to steal men's labor, than their clothes"
A cursory reading of the article suggests that passwords aren't limited to permutations of 25 elements; 25 is just the number of images against which you have to verify. It's like being shown a list of 128 binary numbers and asked to choose the one that's yours; the numbers themselves can be more then 7 digits long. Of course, that still means that some mechanism is necessary to prevent brute-forcing, but that's a relatively trivial problem (especially in contexts like ATMs, where they already do that).
Passwords have never been more than a low level rung on the ladder of trust. If you want security, equip the ATM with a fingerprint pad and/or a camera and eye piece capable of taking retinal prints.
The rest, as we can read, is just a bunch of jokes.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
But I have done my work in the IT-support dept. and I think that many would agree that this system would be a lot better in many cases.
I have seen to many times people doing all the "don't do's" like writing down the password and putting it on the desk, keyboard, monitor. and forcing them to change the password once in a while makes it even worse, like they use a name followed by a number and then they just increment the number when the have to change the password.
The lack of a single signon often amplifies this problem.
Not so sure at all.
Seems like you'd have to be really careful not to exclude the color blind. And the actually blind. Or just those with bad vision, or really poor visual memories.
Visit me on #weirdness on the Galaxynet.
...if you leave info on your ex-roommate's computer and he loses his junk lawsuit against you and uses the info to steal all your accounts/nicks/webmailboxes/etc.
What I find interesting is that most people have poor spatial reasoning and form recognition. In fact, tests of those two are used in IQ tests and the ASVAB (Armed Services Vocational Aptitude Battery) - specifically for military to guage your ability to avoid friendly-fire incidents, recognize enemy movements/formations/activities.
Since it's obviously not a picture-puzzle to be assembled, I think a lot of people would have a hard time remembering.
think for yourself, you won't like the results if others do it for you.
Since they intend to use this as an ATM machine security system, its worth noting that since the beginning of ATM machines, generally three wrong PIN number entries in a row will cause it to eat your card. I suppose one could try a couple passwords, cancel the transaction and get the card back and repeat ad infinitum, but this seriously hampers the brute force effort.
Do not taunt Happy Fun Ball(TM)
This document contains a rough reckoner for calculating whether a passphrase is strong or weak. It makes the point that for a passphrase to be as strong as the encryption in PGP, it needs to be 30+ characters long. ! Remembering one or two paintings might not quite cut it.
For most systems, you can safely use shorter passphrases if you are only permitted a limited number of attempts or have no access to the machine (like at a bank) or the passphrase is changed frequently, or if the phrase is truly random.
Regardless, the strength of the passphrase is almost always the weakest link in any security system.
"Well, put a stake in my heart and drag me into sunlight."
So where do I enter this password in my old, trustworthy 10" monochrom vt220 (or my PuTTY at work if you're reaction to the former is "yuck! those should've died thousands of years ago").
It seems that a visual password would make it much easier for someone across the room to see and learn. One would have a hard time looking at my keyboard if they were behind me, but the whole reason any password login puts bullets on screen is so someone looking at the screen can't see it. Does this system use a mouse or is there some way to pick out the pictures using a keyboard with no on screen indicator? Of course, if that's the case, then this system may not be as idiot proof as they hope.
Do not taunt Happy Fun Ball(TM)
The second article mentions the Department of Defense guidelines for passwords. They're an interesting read.
However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices
What they dont mention is that pictoral passwords are intended to be used in an ATM enviornment, rather that on a LAN. The PIN for your ATM is only 4 numerics long, not even alpha-numeric. A brute forcer can do 2 million/sec on a 800mhz pc, it would brute the entire key space in a millisecond in ATMs.
The reason why PINs are only 4 digits is the other compensating controls you have in the banking enviornment.
1) There is an extremely limited interface to the ATM (just keypad and and a few multi-use keys).
2) The physical security of an ATM, these suckers are actually safes that are resistant to bomb blasts, rednecks trying to tow them away with their 1/2 ton chevys, etc.
3) The PINs are stored on a crypto device, not physically at the ATM, that destroys itself if it is pried open.
So, this would be good for banking applications, but not good on your LAN... for obvious reasons.
one of the problems that many people have with "strong passwords" is *NOT* their lack of a strong kinesthetic memory- I can ``remember'' any password simply by typing it: sound familiar?
:)
:D)
Problem is that this has NOTHING AT ALL to do with how you actually pull out that memory. I mean, having this strong kinesthetics allows you to keep that password in your head, but it does nothing for pulling it out (unless you ALWAYS use the same password... more on this later)
What triggers that memory really has to be one of four things: A sound, an image, a phrase (written), or a touch. That's not true, at least with me (functional keyed-retreival) but most people at least fall into those four.
This is a cue that your mind uses to pull out those memories at the appropriate moment. The feedback starts and you can whip out your password completely automatically, right?
Some "realistic solutions" to these problems include: BIOMETRICS - which don't require ANY memory, SINGLE LOGIN - which limit the number of cues needed, ASSYMETRIC-KEY - which relies on math, etc, etc.
I say "realistic" because people have used them and they DO work. They don't affect that memory pathway in and of itself, but instead rely on more durable pathways (e.g. outside of the person
Unrealistic methods? Pictorial passwords. Besides the obvious that they're useless to the blind, many (dare I say most? nah, I couldn't find those numbers) people lack a visual eidetic. This means that they're very easy to confuse with similar images - because they cannot be used as triggers for their memory- They simply cannot remember seeing that.
Surely, they can remember the memory of seeing, or the act, maybe if they described it to themselves (common: turning a visual cue into an audio one, but this is time consuming and rarely works for long) - point being, it pushes WAY too much emphesis on only one cue.
With our current method, I gain some visual cues; input fields on the left, on the right, a popup, etc. I also gain some functional cues (mail related? do I know these people? am I these people? was this just a test?)
I then turn all these cues into the blinding flash of realization that sends my fingertips into a frenzy typing out the appropriate login and password for wherever I'm at. (except on slashdot, i'm a wuss... i use cookies
My cues may not be the same as everyone elses' but everyone does have cues. I think that changing the focus of WHAT we remember is less important than changing the cues by which we DO remember.
(There, I think that makes more sense now)
And the #1 assigned password? ...
'changeme'
Oh yes, indeedy..
jf
it's not new. i remember using an apple newton that had a picture based password option.
US Citizen living abroad? Register to vote!
I once read about a hack which consisted of analyzing the "typing rythm" of a user : this way, the system could determine whether the user was hwo he claimed to be by analyzing the time he took to enter his passwd characters, as well as the period of inactivity between pressures on each of the keyboard keys.
Of course applying it may require some learning session from the software...
I however think it is high time we got pressure-sensitive keyboards so that we may finally derivate such idea in some kind of computer-graphology (BTW these keyboards would be great for musicians as well as hard core gamers who need enhanced versatility while fragging around).
Until then, I presume it would still be be possible to use the mouse to write the password instead of typing it.
An advantage of either concept is that the annoying 3 second waiting time we have after a wrong passwd entry could be avoided if the login daemon detects that the attempt is too long to be part of a brutal force/dictionary attack.
Trolling using another account since 2005.
Interestingly enough, this is something that I tried hacking out a few years ago (though not under the pleasure of being funded by an academic institution).
I found that people like to click on distinct places, and not the whitespace between shapes/objects. Otherwise, they won't be able to remember exactly which spot they clicked on. This can be analogous to people using dictionary words for their alphanumeric passwords.
Another annoyance that I found was that hitting the exact pixel that you wanted was nearly impossible. You're more likely to hit one adjacent, or 2 away... so increasing the area of error reduces the number of possibilities.
Finally, when I want to get work done, I don't want to play a video game. Making someone hit their exact spot in a sequence of 5, or 10 images, whatever requires skill and accuracy. If you hit the first 9 right, and mess up by one pixel on the last, you have to start all over again. Imagine if you had to achieve a difficult feat - like slaying 20 characters in Quake on nightmare mode before you can log in... damn.
In summary, I think this is a really cool idea (otherwise, I wouldn't have gone to the trouble of implementing it myself) - but the downsides outweigh the benefits.
- passion
If it's an ATM there at the bank it will eat your card! Happened to me once when they gave me the wrong PIN and I tried it 3 times.
-l
Help cure AIDS, cancer, and more. Donate your unused computer time to worldcommunitygrid.org. Join Team Slashdot!
This just won't work for most applications.
Oh, maybe for an ATM, where it's more secure than a four-digit PIN, it'd be secure enough, but it's still unworkable.
Most ATMs use very low-res displays; in fact, many are text-only displays. (I believe a large number of them are actual Hercules monochrome cards, with the ATM running OS/2, for instance.)
If you use a touch-screen, it'll become impossible to hide what you're typing, so you pretty much have to stick numbers up there and have people type the number of the correct picture. You'll have to swap the pictures around if you want to prevent people from just writing the numbers down, so you'll end up with it being harder to remember because the pictures are all on screen at once and in a different place every time.
In the end, you'll have to keep the number of pictures low, and the length of the password low, or people won't be able to remember. Hell, people forget their 4-digit PINs now.
At least with a PIN you can disguise it when writing it down; put it in your address book as Uncle Luigi, with the last four digits of his bullshit phone number being your PIN. What are you gonna do if you need a reminder for this, take a Polaroid of the screen and put it in your wallet?
I'm sure there are applications where this technology will work, but I don't think ATMs are it, and I'm REALLY skeptical about using it for locking PCs.
Biometrics are the future of easy-to-remember identification.
Then you could use the whole phrase. No dictionary attack's going to be useful against that, especially if you fiddle with case and it'd take rather a long time to brute force it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I can't see the point in using this for ATMs. Those things are never brute-forced, it's much simpler to just have a guy stand behind and watch you type. Assuming you still have to press some button to select the pictures, he can still watch. The best security improvement would be a cover over the keypad, or putting the ATM itself inside a one-person sized cubicle.
Of course other systems are subject to brute force attacks on weak passwords...so this may be more approprate there. I can just see it in Windows 2004 - "Press ctrl-alt-del and pick the right 3 cats". Hmmm...business use??
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
The biggest security problem is people are vulnerable to social engineering. It is too easy to get someone to share alphanumeric passwords, pictures would make it much harder for people to share passwords. However it seems a little late for this to take off, as biometrics are coming down in price, and will mostly eliminate the problem.
for the project itself
http://www.sims.berkeley.edu/~rachna/dejavu/
Which always seems to be missing.
Insecure! Insecure!
This trick is well understood by the crackers of the world, who do not discount passwords to try because they aren't in the OED. They have wordlists of Tolkein, and Dune, and Star Trek, and Star Wars, etc. etc. You'd be better going for something less Geeky.
For me, I use strings of characters based on a keyboard shape. Example: gfhbt makes a sort of star on your keyboard. I add some punctuation in there too of course. You can quickly learn a sort of muscle memory of the movement you make to type it. Doubtless now someone will post explaining how crackers beat this one.
This abstract art sounds a good idea, but surely there's a better way? The human capacity to recognize faces is one of the most effective known. So, make my ATM password Margaret Thatcher, Abe Lincoln, Spock and Graham Chapman(wasn't that an actual plot of an episode?)
~~~~~ BigLig2? You mean there's another one of me?
can be found in one of the researchers' papers, where it can be seen that the poster, editor, and many of the commentators here make incorrect assumptions. The user of the system must simply recognize which subset of images from a presented set belong to a previously chosen portfolio. The number of images in the portfolio is larger than the number of portfolio images in the presented set; this makes shoulder surfing ineffective unless it is done repeatedly. Also, identification of the portfolio images can be done by pressing keys, and can be hidden just as are conventional passwords. Each image is equivalent to an eight-byte number, but from this large set they have hand-selected 10,000 images for the current implementation, still leading to a very large number of possible passwords.
The weakest part of the system is what I would have thought was the obvious one: quoting from the paper,
I thought of two problems with this system, maybe a more comprehensve article would answer these questions.
Anyway, since humans are very good at remembering visual information, wouldnt it be fairly easy to watch someone login a few times and see which images are the same.
Also, i see another problem, if someone was watching you they can determine what images you select. This would happen because of the speed at which you would select the images. since, the images are most likely randomly placed, you cant remember the position of the items, so you have to process the complete set of images and then select the proper images. Then if someone is looking at you, they can see the keys you press, and associate it with the image.
Compare that to textual passwords. You know your password isn't going to change, and even if you type at 20wpm, it would only take 1 or 2 seconds to type the password. And I think, it is much harder to look at your fingers and determine which keys you hit at which time.
Agreed, on-screen indication of your image choices would facilitate shoulder-surfing. Not Good.
Compatibility with legacy ATMs. There's even more difficulties than just shoulder-surfing... what happens if your account uses a "visual password" and you find yourself at an "old-fashioned" ATM that requires a numeric PIN? Poof! So much for being able to access your account around the world! Unless, of course, you are also required to memorize a numeric PIN, which will likely be forgotten from disuse! Any additional security from the additional permutations offered by a "visual password" would be lost as a cracker could try and break the numeric PIN, instead.
Physical posession of bank card not required. Further, with more and more banks offering on-line access, there is no longer a requirement that the physical card be present at the time of the transaction. Set up a shell account, use the on-line bill-pay feature to send some funds to it from the hijacked account, and the deal is done.
Computing the number of passwords.Since I went through the work of figuring these for myself, I thought I might as well share it here to save others from the work. Also, there are other ways of viewing this which lead to a vastly larger number of choices, so I'll include those here, as well.
Current practice #1. Many accounts require only a 4-digit PIN. Which offers the user a choice of any 4-digit number from "0000", "0001", "0002", ... "9999"; that works out to their being only 10, 000 choices.
Current practice #2. Some accounts permit an 8-digit PIN. Which offers the user a choice of any 8-digit number from "00000000", "00000001", "00000002", ... "99999999"; that works out to their being 100,000,000 choices.
Original posting: 53,130 possible choices. That seemed much smaller than I would have thought. For those who are interested, here is how that number was reached.
The calculation resulted from determining the number of combinations of 5 objects taken from a pool of 25 where order is not significant.
First, the calculations which produced this value, and other possible computations which produce a much-larger number of choices.
The original 53,130 can be worked outas follows:
(25!) / ( (25 - 5)! * 5! )
= 25! / (20! * 5!)
= (25 * 24 * 23 * 22 * 21 * 20!) / (20! * 5!)
= (25 * 24 * 23 * 22 * 21) / (5 * 4 * 3 * 2 * 1)
= (25 * 24 * 23 * 22 * 21) / (5 * 24)
= (5 * 23 * 22 * 21)
= 53,130
The original posting suggested it might be more like 6 million choices. If, we assume that the order IS significant, AND, no re-use of a choice is permitted, then we can come up with the "six-million" choices:
25 * 24 * 23 * 22 * 21 = 6,375,600
If re-use of a previously selected image is permitted, then we have ALL 25 visuals available for EACH of the 5 choices:
25 * 25 * 25 * 25 * 25 = 9,765,625
Summary. In short, there are at best on the order of 10 million choices using the visual password technique, and it would require a tremendous amount of change to the existing ATM infrastructure. Simply using an 8-digit PIN permits 100 million choices, and does NOT require any major changes to existing ATMs. In light of these calculations and costs to implement, I doubt we'll see this new technique implemented any time soon, if at all.
I've been thinking for some time that pictorial cues would make for better error messages than the current situation. Anyone who has spent time doing customer support has had a conversation something like this: "it's broken" "did it give any error message?" "yeah, something about error or something" "please put your head in the blender"
Has anyone done any research into pictorial errors? I think the average end-user might actually remember 'blue puppy with a banana'. You don't need too many symbols before you can encode a fair number of error messages especially if you include a small number of colour variations, and the sort of thing used currently by people like MS is meaningless to everyone but the programmer anyway (long hex codes). Once you've accepted that the user is not in a position to fix the problem themselves, then the challenge becomes one of conveying the information to the support person without corruption or loss of detail.
Obviously, having software that doesn't produce errors or allow the user into 'error' situations would be better still, but that seems to be too hard.
"don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"
I recognize the reference... but the real 3 most common passwords are
password
the username
your company name
I wish. A couple of years ago, I worked as a sysadmin for a large government institution (which will remain unnamed) where I determined that 89% of all passwords could be compromised in three tries by using
- the username
- "password"
- "secret"
Given a fourth try, you could nail half of the remainder with "pass".And yes, I tried to get this changed, but end-user recalcitrance trumped common-sense. Until we have standardized biometric validation over secure channels, I don't think it's going to get any better.
Proud member of the Weirdo-American community.
the pseudo-anagram method is the best. Think up a sentence or phrase and use the letters in an order than makes sense to you.
I really like 2 eat pizza on Fridays. Irl2epoF.
The addition of nyumerics and punctuation GREATLY increases the complexity and time required to brute force a password.
errr....umm...*whooosh* *whoosh* Is this thing on ?
I'm not certain these techniques address the major problem most of us face: assuring unique identities on the systems with which we interact.
/.'ers can probably empathize with me. I have a (password-protected, of course) password app on my Handspring Visor. I have nearly 30 passwords and user ID's in this app, including my /. ID and password and NYT ID and password. This does not include the systems with which I interact on a daily basis. Add those ID's and passwords, and I probably have nearly 40 identities to remember.
Most
Granted, the normal user doesn't have our problem. However, the normal user also has little inclination to merely accept this predicament. While I think nothing of whipping out my Visor for a password, most people lack the sense of urgency we feel to insure system security. Nor do they have the patience to commit 30+ identities and passwords to memory.
Maybe we've run into the "Aunt Minnie" problem. Aunt Minnie knows who she is, she wants to be her everywhere, and she has no desire to create a unique identity on every system she sees. So we shouldn't be surprised to see Aunt Minnie use her AOL ID and password for Web sites and such.
JA
http://www.johnalex.org/
Yeah, that's secure. I mean, it's way harder to shoulder-surf five consecutive movements of a mouse pointer between five pictures from halfway across the room than it is ten fingers on 40-odd keys.
Until we get cameras that track eye movements installed on every computer, the "visual password" is a bad idea.
..about a year ago. I've become infatuated with PHP over the past few months, and as a personal project I created a web based authentication system that required the user to click on certain images in order to enter a restricted area. The only snag was that there was no obvious "enter your password" page. When you hit the site, it looked like your average web page with standardish looking graphics. The user had to click on certain images on the main page (in a certain order) and they would be led to the private zone. Think of it as logging into /. by clicking on the graphics already supplied on the homepage.
The only flaw we found was that mouse clicks can be monitored remotely all to easily. Not necessarily through a network connection, but just by looking over someones shoulder, even if you're some distance away. It was like typeing in a password, but the stars don't come up to mask your characters.
Eventually it all seemed nifty, but not very useful. We have since started looking into biometrics, particularly fingerprint ID systems. Their cost is coming down quickly and they integrate well into Win2K. I'm now looking into how to get these things to work well with my Linux boxen.
I'm against picketing, but I don't know how to show it.
Okay. So they got that part (and I've bothered to read the article now *grin*). And I'm impressed by their purported 90% success (to compare to 70% for alphanumeric passcodes).
However, I would have to see their test methodology to not instintively want to criticize this. I have to wonder if they tested peeople's ability to remember multiple passwords (especially mixing a frequent use one with a not-so-frequent one). I have to wonder how they plan to enable this system so that visually-impaired people, from the color-blind to people without eyeballs, can use the system. And I have to wonder how well they can test people's ability to remember *changed* passwords-- if the images from my last password show up on the selection grid, will this interfere with my visual memory?
I do not have a signature
I have 4 foreign license plates hanging on the wall right behind the monitor (well, foreign to me, they're US plates). Most people think of it as a nifty wall decoration, but little do they know. They hold the keys to my online identity. All of my password consist of a plate number, a combined plate number, the number backwards, etc. And most sites allow you to enter an own forgot-my-pass question. For me this is usually (Illinois+Washington) so i exactly know my passwort. And they're not special plates with dictionary words but alphanumerical ones. Unfortunately my fav isa little too obvious - it's from the State of Washington and reads "31337".
+++ath0
Logging into my account at Playboy.com, now let's see if I can remember....
"Blonde frontal, Redhead reclining, Brunette upper body... oooohh, look at the zoomies on that new asian chick in the lower right corner, will ya?"
"# Password rejected: try again".
Comment removed based on user account deletion
Today's dumb security hole:
Someone sent me e-mail today (not spam) with a bad source host name. I looked at the headers, and put the last IP address into a web browser, hoping to locate the sender. This immediately connected me to a Vina Technologies router for four T1 lines, both data and voice. No password prompt, no security whatsoever. I could read the whole system config, including passwords, and appeared to have enough privileges to reconfigure the router. Located the relevant network provider and told them. They were extremely embarassed, and fixed it within minutes.
That reflects badly on the router manufacturer. A unit like that should not come with no password, open to the world, as a default. Linksys, though, is notorious for this. Not only do their routers come with no password as a default, they will accept TFTP firmware downloads from the outside world. We need product liability for this sort of thing.
It's either an install option or default depending on your distribution. You may already have it installed.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The method has been previously described (using faces) by PassFace and RealUser, and they are trying to commercialize it.
Passlogix has been pushing this idea for at least a year. They refuse to listen to WHY it is a bad idea, even when confronted with overwhelming proof that it is not secure.
In Passlogix visual password schemes, ORDER DOES NOT MATTER.
This is a bad thing.
Most of their passwords have about 27 or so combinations per password "element". (Some are weaker than that.) This alone makes it weaker than a standard passphrase. If order does not matter, then the longer the password, the less it adds to the entropy. At five characters you lose about 95% of the number of combinations v.s. if order did matter. It goes downhill from there.
To make matters worse, the gui is such a pain to use that people will not make passwords larger than about five characters!
Their backup routine would also allow someone to grab all of the password data and crack it on their own computer later.
Passlogix was told about these problems. They claimed that each passowrd element represented more than one bit of entropy. Where this other magical entropy came from i am not certain. (Only their proctoligist knows for sure.)
Graphical passwords are a bad idea as presently implemented. They do not add entropy and they are enough of a hastle that they encourage people to use short passwords. A bad idea all around.
"Trademarks are the heraldry of the new feudalism."
The way I understand it, the pictures which are not the correct one are randomly generated each time. So seeing a picture from one of your old passwords would be astronomically unlikely. You might be tricked by one that looks kinda like it, though.
Win dain a lotica, en vai tu ri silota
Which gives me a better idea for how to deal with passwords as pictures:
First have the user select the right image out of however many, then have them type in the right label (which would not be *quite* what the picture is, but close enough for the picture to serve as a reminder).
~REZ~ #43301. Who'd fake being me anyway?
OK, sounds like a good idea at first, but reminds me of the "date problem"
The "date problem" arises because humans like to assign significance to round numbers (like all the "end of the world" stuff surrounding the year 2000).. to combat this, a former Discordian decided that he would create his own calendar, using letters instead of numbers - you pick an arbitrary year, and this becomes year "A", next year is year "B", etc.. after 26 years, you get "AA", and then "AB", then "AC", etc.. the rationale behind this is that the lack of nice, even numbers means that people can't say "year 2000 is special", because there is no year 2000.
So far so good, right?
The problem with this is that humans have an (instictive?) desire to attach significance to unrelated objects.. so nobody can say that "year 2000" is important, but they will simply adapt this impulse to the new frame of reference: like "year DEATH", or "year SATAN" or year "ITSTHEENDOFTHEWORLDASWEKNOWITANDIFEELFINE" (this isn't my bit, but paraphrased from something I read a long time ago - my apologies to the original author, I don't remember where I read it.)
So back to the topic at hand...
People frequently use the name of their signficant other as a password - so we change the method, thinking it will solve the problem.. but it won't because all you're doing is moving the reference - now instead of using the name of their SO, or "1234", people will pick objects that have significance to them - such as picking pictures which feature their favourite color, or faces of people who look like thier SO.
And an even bigger problem with this (besides dealing with visually impaired people) is that people will be told "this is more secure than a password", so people will be even MORE inclined to make bad choices, which means that it's worse than sticking with the old way..
In short, it's an interesting idea, but the techies who came up with it should have run it by the psych department.
The interesting thing about Passfaces ( other than the idea that a small number of face choices is as secure as anything but a PIN-length password), is that most people can recognize faces well but can't describe them verbally well enough to reveal their passfaces to anybody else, even under coercion or court order. Rough descriptions ("it's a guy with a beard" "it's a woman with short hair") are easy, but they shuffle the faces around enough that unless the Bad Guys are showing you the actual pictures, you can't give a usefully repeatable description.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks