Slashdot Mirror
Pictorial Passwords
Stone Rhino writes: "No longer do you need to remember passwords. Now, thanks to graduate students at Berkeley you merely need to pick out the right pieces of abstract art. There is a story on it at the New York Times. However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices." Maybe you have to get the sequence of images correct? If so there are some six million combinations, still weaker than a optimum password but probably stronger than the passwords most people choose (usually their significant other's name). There's another article on passwords in that same NYT edition.
Looks like they are planning on using it for ATM Machine's which only have 4 digit numbers... seems like a better idea to me.
> than the passwords most people choose (usually
> their significant other's name)
So does this mean that the harder a person's password is to crack, the less likely they are to have a sex life?
Customer's have enough trouble understanding "click the button with the X in the upper right corner".
I wouldn't know where to begin trying to describe what pictures to use for their password... "Ok, now choose the picture that looks like a moose being sucked into a vortex".
First Link: http://college.nytimes.com/2001/12/27/technology/c ircuits/27PBOX.html
c ircuits/27PASS.html
Second Link: http://college.nytimes.com/2001/12/27/technology/
"Galadriel is one icy babe but Jackson got it right"
Password: gi1ibbJgir
And I'm sure this approach is nothing new to most /.'ers. And the cool thing is that just a couple of words from the password, say Galadriel and babe, is enough to bring the bloody password back long after one's finished with it.
Feh!
:wq
A year or so ago, I found this little beauty: PassFace Technology -- Give it a try. You click on people's faces to get in.
What was interesting was that in finding that URL, I went back to the site for the first time in over a year, and was able to log-in no problem. I remembered my combination of faces.
There's definitely something to this technology!
rOD.
Rod Begbie done this, and he's not
"Even high-ranking executives may act on naïve impulses when it comes to choosing a password"
Even high-ranking executives? Make that especially.
Can you imagine having an emergency in our future-tech age?
"No Bill, it's Black Guy, Asian Guy, Samoan Woman, Black Guy with the scar, White Guy with glasses! Hurry up before the Holodeck explodes!"
------
Today's Top Deals
Passwords have never been more than a low level rung on the ladder of trust. If you want security, equip the ATM with a fingerprint pad and/or a camera and eye piece capable of taking retinal prints.
The rest, as we can read, is just a bunch of jokes.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Seems like you'd have to be really careful not to exclude the color blind. And the actually blind. Or just those with bad vision, or really poor visual memories.
Visit me on #weirdness on the Galaxynet.
It seems that a visual password would make it much easier for someone across the room to see and learn. One would have a hard time looking at my keyboard if they were behind me, but the whole reason any password login puts bullets on screen is so someone looking at the screen can't see it. Does this system use a mouse or is there some way to pick out the pictures using a keyboard with no on screen indicator? Of course, if that's the case, then this system may not be as idiot proof as they hope.
Do not taunt Happy Fun Ball(TM)
one of the problems that many people have with "strong passwords" is *NOT* their lack of a strong kinesthetic memory- I can ``remember'' any password simply by typing it: sound familiar?
:)
:D)
Problem is that this has NOTHING AT ALL to do with how you actually pull out that memory. I mean, having this strong kinesthetics allows you to keep that password in your head, but it does nothing for pulling it out (unless you ALWAYS use the same password... more on this later)
What triggers that memory really has to be one of four things: A sound, an image, a phrase (written), or a touch. That's not true, at least with me (functional keyed-retreival) but most people at least fall into those four.
This is a cue that your mind uses to pull out those memories at the appropriate moment. The feedback starts and you can whip out your password completely automatically, right?
Some "realistic solutions" to these problems include: BIOMETRICS - which don't require ANY memory, SINGLE LOGIN - which limit the number of cues needed, ASSYMETRIC-KEY - which relies on math, etc, etc.
I say "realistic" because people have used them and they DO work. They don't affect that memory pathway in and of itself, but instead rely on more durable pathways (e.g. outside of the person
Unrealistic methods? Pictorial passwords. Besides the obvious that they're useless to the blind, many (dare I say most? nah, I couldn't find those numbers) people lack a visual eidetic. This means that they're very easy to confuse with similar images - because they cannot be used as triggers for their memory- They simply cannot remember seeing that.
Surely, they can remember the memory of seeing, or the act, maybe if they described it to themselves (common: turning a visual cue into an audio one, but this is time consuming and rarely works for long) - point being, it pushes WAY too much emphesis on only one cue.
With our current method, I gain some visual cues; input fields on the left, on the right, a popup, etc. I also gain some functional cues (mail related? do I know these people? am I these people? was this just a test?)
I then turn all these cues into the blinding flash of realization that sends my fingertips into a frenzy typing out the appropriate login and password for wherever I'm at. (except on slashdot, i'm a wuss... i use cookies
My cues may not be the same as everyone elses' but everyone does have cues. I think that changing the focus of WHAT we remember is less important than changing the cues by which we DO remember.
(There, I think that makes more sense now)
it's not new. i remember using an apple newton that had a picture based password option.
US Citizen living abroad? Register to vote!
This just won't work for most applications.
Oh, maybe for an ATM, where it's more secure than a four-digit PIN, it'd be secure enough, but it's still unworkable.
Most ATMs use very low-res displays; in fact, many are text-only displays. (I believe a large number of them are actual Hercules monochrome cards, with the ATM running OS/2, for instance.)
If you use a touch-screen, it'll become impossible to hide what you're typing, so you pretty much have to stick numbers up there and have people type the number of the correct picture. You'll have to swap the pictures around if you want to prevent people from just writing the numbers down, so you'll end up with it being harder to remember because the pictures are all on screen at once and in a different place every time.
In the end, you'll have to keep the number of pictures low, and the length of the password low, or people won't be able to remember. Hell, people forget their 4-digit PINs now.
At least with a PIN you can disguise it when writing it down; put it in your address book as Uncle Luigi, with the last four digits of his bullshit phone number being your PIN. What are you gonna do if you need a reminder for this, take a Polaroid of the screen and put it in your wallet?
I'm sure there are applications where this technology will work, but I don't think ATMs are it, and I'm REALLY skeptical about using it for locking PCs.
Biometrics are the future of easy-to-remember identification.
for the project itself
http://www.sims.berkeley.edu/~rachna/dejavu/
Which always seems to be missing.