Slashdot Mirror


Using Images as Passwords

TekkenLaw writes "According to this news on Reuters, MS is looking at images rather than plain old text for enhancing security. The key - images, which tend to make more of an impression on people than strings of text characters. This is especially interesting in the context of the crappy passwords story that ran on Slashdot a few days back." So when you call support to get your lost password, will they ask you what your mother's maiden hair color was?

4 of 268 comments

  1. Eyes, nose, mouth by Anonymous Coward · Score: 5, Insightful

    Can you guess which points a typical person would click on that image of a face? That's right - Eye, eye, nostril, mouth.

    People don't select lousy passwords ONLY because they are lazy. They also select them because they don't think there is a credible threat to their accounts. They don't BELIEVE in hackers who would target them.

    Without an increase in paranoia among average people, I don't see how a user-selected secret will ever provide security.

  2. Re:um by dj28 · Score: 4, Insightful

    Yeah, and the funny part is that in that article, the majority of the posts were praising the technology. Now that it's about Microsoft, everyone is quick to criticize it. Gotta love the bias here.

  3. Login with someone behind you? by aralin · Score: 5, Insightful

    Well, I got this idea quite a few years ago, but honestly, did you ever try to log in with someone watching? And it's much easier to watch the monitor than your keyboard. And at least I can type my twenty something passwords reallllly fast and have some intentional typos in them, but - man - how can you click on pictures without someone seeing the pointer moving over the right pictures....

    --
    If programs would be read like poetry, most programmers would be Vogons.

  4. Re:Worse idea. by garett_spencley · Score: 5, Insightful

    You said, and I quote: "There's a damn good reasons why you're told not to reuse passwords." Show me why? 15 years and it's never been hacked. I'd say that's a damn good track record for a single password. I don't see a damn good reason to change it. Until it gets hacked, I probably won't.

    I'm going to actually give you a real life example to help you understand why this is important.

    Some time last year (you may remember if you've been around /. that long) someone cracked /.'s backup server where they got full access to the database including Rob's password. So they got everyone's password.

    Now if you use that same password for /. then they got your password for everything. They didn't crack or guess your password; instead they cracked something completely different and your password happened to be stored there.

    So imagine if you use that password for your online banking, e-mail, work account etc. It's pretty serious.

    The point is that it doesn't matter how secure or insecure your password is. You just don't use the same password for everything, plain and simple.

    The same could happen with Hotmail, your work's network, etc.

    --
    Garett