Slashdot Mirror


Using Images as Passwords

TekkenLaw writes "According to this news on Reuters, MS is looking at images rather than plain old text for enhancing security. The key - images, which tend to make more of an impression on people than strings of text characters. This is especially interesting in the context of the crappy passwords story that ran on Slashdot a few days back." So when you call support to get your lost password, will they ask you what your mother's maiden hair color was?

5 of 268 comments

  1. Re:um by asavage · · Score: 4, Informative
    did they not run this same story a couple weeks ago?

    yeah, here is the link http://slashdot.org/article.pl?sid=01/12/28/1348217

  2. Re:What if the image is stolen? by Account+10 · · Score: 3, Informative

    Blind people continue to use the keyboard. You can have alternatives in life, you know.

  3. Old, Old Idea by mesocyclone · · Score: 4, Informative

    In keeping with Microsoft's tradition of rarely doing its own innovation...

    Many years ago somebody was selling Automatic Teller Machines that used this approach instead of numeric PINs. I wish I had a reference but this was way pre-Web (1970s).

    Also, this was discussed at Usenix 2000 and CrypTec 99 - see:
    http://paris.cs.berkeley.edu/~perrig/projects.html#DEJAVU

    and on Slashdot on Dec 28, 2001

    --

    The only good weather is bad weather.

  4. Re:Worse idea. by JimE+Griff · · Score: 1, Informative

    This is totally valid. However, if your password is stolen because /. or Hotmail is cracked, then wouldn't the site which the password was stolen from (following Maggard's logic in "The Hard Way") be responsible? I mean, it would be terrible to lose all your personal or business files, but unless you were specifically told to pick a different password, you could just pass the buck to the people who allowed your password to be stolen. They then can pass the buck on to the site-cracker, if they can find them. If every individual is responsible for personal passwords, then I believe that websites, unless they have big disclaimers, are compelled to take at least the same responsibility.

    --
    Jimmy

  5. Re:Check me by blixel · · Score: 2, Informative

    Could this mean that if you change resolutions then you can not match your password without returning to the resolution used when setting the pass?

    I think it would just mean that you would have to use images of a "standard" size like 640x480 or 800x600 or even 1024x768. There aren't many modern day desktops that are running resolutions smaller than that and I doubt this type of technology is likely to find its way onto legacy systems anyway.