Using Images as Passwords
TekkenLaw writes "According to this news on Reuters, MS is looking at images rather than plain old text for enhancing security. The key - images, which tend to make more of an impression on people than strings of text characters. This is especially interesting in context of the crappy passwords story that ran on Slashdot that ran few days back."
So when you call support to get your lost password, will they ask you what your mother's maiden hair color was?
a friend of mine has a cool USB device that reads his thumb print, and he uses that to unlock his Windoze box.
"I would say that 99 per cent of what my father has written about his own life is false." - L. Ron Hubbard Jr.
a string of characters as a password how am I going to remember exactly which points and which sequence of points/graphics to click???
I don't get it - call me flummoxed.
for pr0n site access ;-)
AfterDark for Mac OS used to have a feature like this; you could select an image, and you would have to click on a certain part of it, optionally holding down a control-key combo, to unlock the screen saver, rather than type a password.
Can you guess which points a typical person would click on that image of a face? That's right - Eye, eye, nostril, mouth.
People don't select lousy passwords ONLY because they are lazy. They also select them because they don't think there is a credible threat to their accounts. They don't BELIEVE in hackers who would target them.
Without an increase in paranoia among average people, I don't see how a user-selected secret will ever provide security.
Novel idea, but I can see a lot of practical problems arising. For example, how do you determine how much room for error there is in clicking on certain parts of an image? Someone might choose to click on the sky, then a boat for their password. Will positions be based on something like +-5 pixels from where you originally clicked, or something smarter like using a magic-wand kind of algorithm? Also, what about people who are blind, or visually impaired? How will people sitting down at a computer figure this system out when they are presented with a picture? If you wish to share your password with someone remotely, how do you do it? (e.g. your mom forgets the password to the family computer and calls you up). Don't get me wrong, it's a novel idea, but I can see a lot of issues coming out of this.
slashdot!=valid HTML
Welcome to Microsoft Windows .NET 2005
In order to log in, please choose the One who you will truly worship, for He is the Supreme leader.
[ LINUS TORVALDS ] [ BILL GATES ] [ ROB MALDA ] [ LARRY WALL ]
Note: According to the EULA you agreed to unknowingly, choosing the wrong password could result in death and/or excommunication.
qslack.com
"Thank you for participating in the required MS Passport sign-up verification to get your latest reinstall of XP2005 to work. We're sorry, but the image of a closed fist lifting the middle finger has already been taken. Others you may want to consider: You lifting your middle finger while wearing gloves; you lifting your middle finger while wearing a Cracker Jack ring..."
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
From the news story: "Even with such a system, people would still be susceptible to "shoulder surfing," in which someone watches a computer user type in their password."
Users would have to be fools to "click" their password unless they are positively alone in the room. The current standard at least has masked text on screen, and the order of keys on the keyboard is VERY difficult to track even when the user is moderately good at typing.
Let's not forget that in the case of the new photo passwords, with 50% of users you would only have to know the "Lenny Bruce sequence" in their Playboy passphotos: T'n'A
~zecg.
yeah, here is the link http://slashdot.org/article.pl?sid=01/12/28/1348217
The first article can be seen here
Next up will be the "Tapping System" where folks will rap out "Haircut & A Shave" on their desk to log in.
What other quirks of human nature will next be put to use trying to identify folks? The "Mictation Flex Rate"? The "Eyebrow Lift/Tongue Roll"? How about the "Tell the Same Stupid Joke" one; I've had co-workers who've been able to do those hundreds of times over & over without a single variation.
Or just teach folks how to use good passwords, put in some really good acceptance tests, and make it clear that if security is compromised by their poor password choice they'll be held responsible, same as leaving the door to the safe open.
Nahhh, there's gotta be a technology fix...
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
This is kindof interesting. A couple of things spring immediately to mind.
First, presentation of the image will (may) vary in different situations. The visual presentation of a password is pretty irrelevant: as long as you can understand and input the right symbols the font, colour size etc. in which they are presented isn't relevant. On the other hand an image must look substantially like the crib image. Sounds obvious, but consider differences in resolution, colour depth etc. You can divide the image into regions (a grid, perhaps) but ultimately there will be a limit to the resolution of the grid that you can rely on (not to mention input errors limiting the viable grid resolution.) To get more possible regions, you'd need a plain bigger image to get around the input resolution issue. All of which complicates the implementation (of course, you could break each image down semantically somehow, but that sounds like a further adventure altogether.)
And, after all that, people may turn out to have pattern preferences that are "as crappy" as poorly chosen passwords? Always use a photo of your daughter and click on both eyes and outline her cute smile? Ooops. Use your country flag and click where regions of colour meet?
Yes, Johnny Mnemonic.
You stole my post as I was trying to remember the name of the movie, lol. This was really cool though. For anyone who doesn't know, Johnny (played by Keanu Reeves) is an information courier. He had information uploaded into his mind (needed some sort of implant, I can't completely recall) and then they randomly grabbed 3 screen shots off of the TV from random channels. One copy was kept for the initiators of the carry, another was faxed (tried to be faxed) to the recipient. The screen shots were used to retrieve the information as a password. Very cool.
Then the government can check to see where you like clicking pictures.
Did you use the Iraqi flag as your password?
Are you clicking on suggestive areas of that picture of Natalie Portman?
I much prefer just having a city-wide network of surveillance cameras to verify my identity at all times.(/sarcasm)
Read Lostbrain's Oscar Predicitions!
tcd004
a keyboard. It would be easy to remember where to click, because I could remember it as a string of alphanumeric characters. I think this technology has promise.
Evil is the money of root.
And how are blind people going to log in?
This must be president Bush's idea.
-- Another senseless waste of fine bytes.
MS figured out that it can gather more than just boring ol' text information... It can gather images or sounds, or almost anything.
How about DNA security, where you sign your contract in blood!!!???
Why does that sound familiar?
If an image is 1280x1024 and is sensitive to a 10x10 pixel area, that gives the user a grid of 128x102 to click in. A total of 13,056 clickable squares. If the user's password was 5 clicks long, that would give them 379,359,275,350,832,971,776 possible passwords. Is my math correct?
I'll use that guy from goat.cx... That'll keep people out of my computer
So now you have to remember the order in which you click on an image? Maybe that's easier for some people, but certainly not for me. I have one password that I've used for the past 15 years or so. It's 8 characters (9 if I need to mix numbers with it), and it appears completely random.
I've been using it for 15 years and nobody has ever hacked it. All you have to do is have one of these and remember it. Almost anyone can remember a single 8-10 digit password, if that's all they use. Just make one and stick with it. Maybe you'll need to change it every couple of years, but even so, once you have it down, it's pretty easy to remember.
Is it hack-proof? Of course not. Not even close, but for most applications where a password is needed, it's more than sufficient. I doubt anyone will take the time to try to hack my hotmail account when there are so many that can easily be dictionary attacked. I'll always be the last one someone tries to hack because it will take too long to hack mine, compared to most.
Just my personal opinion. Obviously for some things, you simply need real encryption, but for most online stuff, a single 8 character/digit password is fine.
"This is especially interesting in context of the crappy passwords story that ran on Slashdot that ran few days back."
:)
And it is even more interesting in context of the the the using images as passwords story that ran on Slashdot that ran [sic] a few days back.
Yea, and the funny part is that in that article, the majority of the posts were praising the technology. Now that it's about Microsoft, everyone is quick to criticize it. Gotta love the bias here.
Pictorial Passwords (using abstract art)
(It isn't karma whoring when you're already at 50.)
"And like that
Well, I've got this idea quite a few years ago, but honestly, did you ever try to login with someone watching? And it's much easier to watch the monitor than your keyboard. And at least I can type my twenty something passwords reallllly fast and have some intentional typos in them, but - man - how can you click on pictures without someone seeing the pointer moving over the right pictures....
If programs would be read like poetry, most programmers would be Vogons.
Exactly...Simple??
...good luck)
The random number generation from the clicks would have to use a combination of both position and the colour of the pixel that the user clicked and then don't forget order.
If they used only the colour of the pixel that could potentially be more insecure than characters, as in their example they use countries' flags which generally have 3 or less colours. If people are going to have images they're going to use familiar images (favourite cartoon characters, g/f's etc) which will be in digital form and probably on that person's web site anyways. (then again I suppose there are some bragging rights from being able to say my is the image at the of my page
That doesn't even get into trying to remember the data e.g. with 8 images
[1] First click image 3 at position 238x34.
[2] then click image 7 at position 12x67.
[3] then click image 1 at position 134x164.
[4] then click image 6 at position 34x241.
I think most people would have trouble remembering one click's data. Let alone the fact that when they go to enter their 'password' they have to get the mouse on the exact position, meaning they are going to have to coordinates on the screen so they can line up (unless their position is an obvious point (bright spot?) on the image (more vulnerability)), which takes time and someone could look over your shoulder trying to hone in on your point. I mean if you had a few piccies of bikini clad chicks, would you consider these images less secure? (think about it)
Personally I prefer characters. I don't think it is such a stretch to remember one 8 character random string, but that's me....
my 2.5 cents...
I've seen something like that. You could choose an image (the more complicated, the better) and define some points, which you have to remember. To login, you have to click the points you selected before, with more or less accuracy in a predefined order.
Life sucks.
Monkey, Sheep, Sheep, Monkey, HORSE. you HAVE to remember horse! Because if you don't.... You'll have to click on all the images! or... or could just click clippy for help. . .
Blind people continue to use the keyboard. You can have alternatives in life, you know.
Lotus Note on the Mac (I've never seen or used the Windows version) has a little something kinda like this in their password dialog.
As you type in your password, small images in a 2 x 2 layout change according to what you've typed. Even though the password text is bulleted out, you eventually come to recognize the 'correct' four images and know when you've mistyped your password before hitting Enter. IMHO, this is the best feature of Notes, which otherwise sucks-- Lotus might not have been the first to use this idea, but it's the first place I've seen it.
And now I'd like to complain about the increasing retard-ification of our society. How can people be unable to choose a few non-obvious passwords (hell, just some random sequences of alphanumeric characters will do) and remember them with a mnemonic device? Why must we create an authentication system geared to the stupid so they can easily exist among us? Maybe they'd smarten up if they chose "password" as their password and had their checking account cleaned out for the third time as a result.
Of course, I should have seen this coming when McDonald's started using cash registers that had photos of the food on the keys and spit out the customers' change automatically, without the operator having to overtax his/her brain thinking about how a quarter, a dime, a nickel and three pennies have to combine forces to make 43 cents.
~Philly
Not surprising that MS would come up with this knowing their track record with security...
Consider anyone standing behind you while you select the appropriate login. They are bound to see the images you are selecting as your login much more clearly than the key combination you would have typed.
-- bartman
Right. As long as the user has control over those options.
However, most authentication is outside the user's control. Online banking, Web sites, you name it.
It's like saying blind people can use ascii to get around on the web. Except that most sites do not have text-only versions anymore. Add Flash to the mix, and I think I've made my point.
Easy answers make for easy rebuttals.
-- Another senseless waste of fine bytes.
But what if Micro$oft removes the possibility of logging in via the keyboard?
And what if this spreads to web sites as well, and it becomes very hip to log in to your favorite weblog via clicks on an image, rather than HTTP passwords?
You can have alternatives in life, you know
Correct. But certain companies are striving very hard to remove the privilege of choice, at least as far as computers are concerned ;-)
Say no to software patents.
And if someone is looking at your screen, he'll know your password...
Transforming mouse events to *s while "typing" doesn't work.
This message is provided under the terms outlined at http://www.bero.org/terms.html
If I've used it for 15 years without it ever being compromised, why is it that nobody has ever hacked it, despite the fact that I use it in a number of places?
Like I said, for important things, I use a variation that's more difficult. As for shoulder surfing, again, 15 years (including 2 years using it daily in a wide-open internet cafe where anybody could have seen it), and nobody has ever hacked it.
And no, I didn't pick a mental pattern on the keyboard. I was assigned a random password by CompuServe 15 years ago and I've used it ever since.
You said, and I quote: "There's a damn good reasons why you're told not to reuse passwords." Show me why? 15 years and it's never been hacked. I'd say that's a damn good track record for a single password. I don't see a damn good reason to change it. Until it gets hacked, I probably won't.
I'm going to actually give you a real life example to help you understand why this is important.
Some time last year (you may remember if you've been around /. that long) someone cracked /.'s backup server where they got full access to the database including Rob's password. So they got everyone's password.
Now if you use that same password for /. then they got your password for everything. They didn't crack or guess your password; instead they cracked something completely different and your password happened to be stored there.
So imagine if you use that password for your online banking, e-mail, work account etc. It's pretty serious.
The point is that it doesn't matter how secure or insecure your password is. You just don't use the same password for everything, plain and simple.
The same could happen with hotmail. Your work's network etc.
--
Garett
Just because it is a mouse, doesn't mean it can't be snooped. Mice and keyboards both use serial communications and can be captured by many means.
The Microsoft Mouse(tm) protocol sends out a three byte sequence to signal a mouse movement. The current from the wires of a serial mouse can be picked up remotely with a good antenna that can sense the large RS232 voltage transitions at a slow 1200 baud. From another room, you could track mouse activity just as with a keyboard.
Oh well, it's not like we haven't seen this before
Ok guys, here's how you can use the power of visual identification and still have a cryptographically secure system. All of this and it's implementable RIGHT NOW with current tools on a standard linux distro.
1. Take a directory full of images, it doesn't matter if they are .pngs, .jpgs, a mix of various types or whatnot. All that matters is there's quite a few of them on the machine. I'm going to use the /usr/kde/2/share/icons/hicolor/48x48/ directory. This directory contains 5 subdirectories with a total of:
find . -name '*.png' | wc -l
297
pictures. Given this, we can do some basic combinatorics (permutations of these standard pictures) for any value of 297 choose n. Using the permutation of (297 3) gives us 25,934,040 possibilities (remember the order of choosing pictures is unique). It gets even nicer at 4 (7,624,607,760). Why am I bothering with this? Let me show you a snippet of python code:
# hex_sha.py: print the SHA-1 hex digest of whatever is piped in on stdin
# (hashlib replaces the old Python 2 'sha' module; runs on Python 2.5+ and Python 3)
import hashlib, sys
stdin = getattr(sys.stdin, "buffer", sys.stdin)   # read raw bytes, not decoded text
print(hashlib.sha1(stdin.read()).hexdigest())
This little beauty will compute the hex-digest of the Secure hashing algorithm (http://csrc.nist.gov/publications/fips/fips180-1/fip180-1.txt).
All you have to do to use this program is the following:
$ cat apps/kedit.png filesystems/zip.png mimetypes/widget_doc.png | hex_sha.py
066686143327A8A582E5F5333A98D6C3F1426324
or, if you prefer:
$ cat apps/kedit.png mimetypes/widget_doc.png filesystems/zip.png | hex_sha.py
2C35BA8998BAAEA70008AE41E31F923142A48D7F
Obviously, order matters. Starting from this simple building block I'm sure it wouldn't be too hard to have kdm/gdm/xdm use this alternate method. There are c libraries available (openssl) which accomplish the same feat.
In short, this can be implemented in a weekend by a skilled hacker. One could even see creative ways of assigning short characters to each picture so that clicking isn't necessary. Something along the lines of:
Actions == A
aPps == P
Devices == D
Filesystems == F
Mimetypes == M
And each subdirectory use the same method as well. So instead of catting those three files via the CLI, I could opt to type
PE == aPps/kEdit.png
MW == Mimetypes/Widget_doc.png
FZ == Filesystems/Zip.png
So I could type PEMWFZ (case shouldn't matter as we're indexing through a series of directories/files) and get my first catted line above. The second line would be PEFZMW.
The weaknesses in the algorithm described above lie in the strengths of SHA and the number of choices (I'm using 3). Since SHA's collision space is larger than (297 3), the weakness lies in the permutation. As I showed above, it's pretty damn big. Make it 4 (and all pw's become 8 characters).
Hardest part is the passwords are still gibberish-like. Or are they? Each grouping is paired in twos naturally. The password in one's mind isn't PEMWFZ, it's PE, MW, FZ. If one can visualize the picture with the grouping then there is a direct visual association. This would appeal to most hacker-types. And the non-techies can even just opt to scroll through the pictures clicking on the 3 (or 4) that comprise the password. There could even be an option displaying the shortcut keys as the pictures are being clicked in case the person can't remember one of the mnemonic groupings. This must be done in absolute secrecy should the shoulder-surfers wander by.
You guys get the idea. I'm just spewing ideas about this topic.:)
(And to others about this "dumbing-down" passwords; I think my hacker/non-hacker solution above complements both types nicely. It also gives rise to REAL passwords without having to memorize `a09GD3hz'. A complement of pictures and shortcut blocks works well within the human mind -- try it if you don't believe me. On top of this, it eliminates the possibility of people choosing 'god', 'stud' 'master' and other such obvious passwords.)
Feel free to flame my constructive brainstorming. This is
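An added example (not the poster's code) that implements the shortcut-code scheme above in Python and adds the check a practitioner would want: since the icon set is the same on every machine, an unsalted SHA-1 over the concatenated files is just a lookup over a small public space (P(297,3) orderings), so the hardened variant salts and iterates the hash per user. The icon bytes and the shortcut table are constructed stand-ins, not the real KDE files.

```python
import hashlib
import hmac
import os
from itertools import permutations
from math import perm

# Constructed stand-in for /usr/kde/2/share/icons/hicolor/48x48: shortcut code -> file bytes.
# A real deployment would read the files (e.g. aPps/kEdit.png); these byte strings are made up.
ICONS = {
    "PE": b"\x89PNG\r\n\x1a\n...kedit",       # aPps/kEdit.png
    "MW": b"\x89PNG\r\n\x1a\n...widget_doc",  # Mimetypes/Widget_doc.png
    "FZ": b"\x89PNG\r\n\x1a\n...zip",         # Filesystems/Zip.png
    "AB": b"\x89PNG\r\n\x1a\n...back",        # Actions/Back.png (constructed extra icon)
}


def image_sequence(code):
    """Split a shortcut string such as 'PEMWFZ' into two-letter codes (case-insensitive)
    and return the image bytes in the order chosen; the order is part of the secret."""
    code = code.upper()
    if not code or len(code) % 2:
        raise ValueError("shortcut codes come in pairs")
    return [ICONS[code[i:i + 2]] for i in range(0, len(code), 2)]


def naive_digest(code):
    """The post's scheme: plain SHA-1 over the concatenated image files, no salt."""
    return hashlib.sha1(b"".join(image_sequence(code))).hexdigest()


def keyspace(n_images, picks):
    """Ordered selections of `picks` images out of `n_images` (the post's '297 choose n')."""
    return perm(n_images, picks)


def recover_naive(target_hex, picks):
    """Why the unsalted digest is weak: with a public icon set the whole ordered space can
    be hashed once and reused against every stored digest. Returns the code or None."""
    for combo in permutations(ICONS, picks):
        code = "".join(combo)
        if naive_digest(code) == target_hex:
            return code
    return None


def enroll(code, salt=None, iterations=200_000):
    """Hardened variant: per-user random salt plus an iterated hash (PBKDF2-HMAC-SHA256),
    so a precomputed table is useless and every guess costs real work."""
    salt = os.urandom(16) if salt is None else salt
    secret = b"".join(image_sequence(code))
    dk = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify(record, code):
    """Recompute with the stored salt and compare in constant time; unknown codes fail closed."""
    try:
        secret = b"".join(image_sequence(code))
    except (KeyError, ValueError):
        return False
    dk = hashlib.pbkdf2_hmac("sha256", secret, record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


if __name__ == "__main__":
    print("P(297,3) =", keyspace(297, 3), " P(297,4) =", keyspace(297, 4))
    print("PEMWFZ ->", naive_digest("PEMWFZ"))
    print("PEFZMW ->", naive_digest("PEFZMW"))
    print("recovered from unsalted digest:", recover_naive(naive_digest("MWFZPE"), 3))
    rec = enroll("PEMWFZ")
    print("salted verify:", verify(rec, "PEMWFZ"), verify(rec, "PEFZMW"))
```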
15 years and it's never been hacked. I'd say that's a damn good track record for a single password. I don't see a damn good reason to change it. Until it gets hacked, I probably won't.
:)
I have a tradition. I play russian roulette every year on my birthday. 15 years and I've never lost. I'd say that's a pretty damn good track record for a game. I don't see a damn good reason to change it. Until I lose, I probably won't.
hehe, this post was fun to write up
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I think most people use one or a set of very few passwords, as well as usernames. It's inevitable, but has its problems.
I'm sure If the Slashdot crew wanted to, they could use the usernames and passwords from here to log in to thousands of peoples Ebay, Amazon and Paypal accounts. Anyone that puts up a site that requires a username and a password could do the same.
I wonder if mouse gesturing (ala Black and White) would make a good password protection system?
:)
I guess you could enforce a certain complexity to the password (no mouse up, mouse down).
This would have the great advantage that it would be tremendously difficult to teach to someone else...
Just a flawed thought. Find the flaws...
Besides, the click locations would have to be stored in terms of percentages to allow for scaling the image for display on different devices with different resolutions and still accepting the user's "password." Add in a tolerance factor since the user probably won't click the exact same spot, and look...if I display all your images so they're really tiny I can click wherever I want and login!
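An added example in Python (not from any poster in this thread) covering the two posts above that do the arithmetic: it computes the click-grid keyspace from the 1280x1024 / 10-pixel post, then shows the scaling flaw just described, a verifier that stores clicks as percentages but applies its tolerance in display pixels, next to a corrected verifier that applies the tolerance in the reference image's coordinates. The display sizes and enrolled click points are constructed.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Display:
    width: int
    height: int


# Reference image the user enrolled on (1280x1024, as in the thread) and three constructed
# click points stored as fractions of width/height so the picture can be rescaled later.
REF = Display(1280, 1024)
ENROLLED = [(0.10, 0.12), (0.55, 0.60), (0.80, 0.30)]  # constructed: sky, boat, buoy


def cells(display, tol_px):
    """Distinguishable positions per click when a click is forgiven within tol_px pixels:
    the per-click alphabet size behind the thread's 128 x 102 = 13,056 figure."""
    return (display.width // tol_px) * (display.height // tol_px)


def verify_naive(clicks, display, tol_px=10):
    """Flawed check: the enrolled fractions are scaled to the current display and the
    tolerance is applied in that display's pixels. Shrink the display enough and every
    enrolled point lands within tol_px of wherever the mouse happens to be."""
    if len(clicks) != len(ENROLLED):
        return False
    for (cx, cy), (fx, fy) in zip(clicks, ENROLLED):
        ex, ey = fx * display.width, fy * display.height
        if math.hypot(cx - ex, cy - ey) > tol_px:
            return False
    return True


def verify_fixed(clicks, display, tol_px=10, min_side=320):
    """Corrected check: map each click back into the reference image's coordinates and
    apply the tolerance there, so 10 px means the same thing at every size; and refuse
    displays so small that the click grid would collapse anyway."""
    if len(clicks) != len(ENROLLED) or min(display.width, display.height) < min_side:
        return False
    for (cx, cy), (fx, fy) in zip(clicks, ENROLLED):
        rx, ry = cx / display.width * REF.width, cy / display.height * REF.height
        ex, ey = fx * REF.width, fy * REF.height
        if math.hypot(rx - ex, ry - ey) > tol_px:
            return False
    return True


if __name__ == "__main__":
    print("cells on 1280x1024 at 10px:", cells(REF, 10), "; 5 clicks:", cells(REF, 10) ** 5)
    tiny = Display(10, 8)
    print("tiny display, click anywhere, naive:", verify_naive([(5, 4)] * 3, tiny))
    print("tiny display, click anywhere, fixed:", verify_fixed([(5, 4)] * 3, tiny))
    half = Display(640, 512)
    good = [(64, 61), (352, 307), (512, 154)]
    print("half-size display, real clicks, fixed:", verify_fixed(good, half))
```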
Reading through this thread, there are lots of valid issues brought up. I would agree that this concept alone would either be just as difficult as passwords (assuming the resolution of where you clicked was tight) or just as insecure as a bad password (assuming fairly forgiving resolution).
BUT, a simple pictorial password combined with a simple alphanumeric password could be very secure as well as easy to use. Far greater than the sum of either used individually.
I used to work at a large bank which employed this kind of multi-level security. A mag card got you into offices, a mag card plus a numeric keypad got you into medium security areas (teller lines, etc.). The higher security the area, the more techniques were added (retina scan, knowing your mother's maiden name, manager's name or department name, etc.). Basically, each aspect is individually attackable (stealing the mag-card, dictionary attacks, shoulder-surfing, password sniffing, etc.), but you have to know all of them to get access. Each obstacle in the way added a large measure of unpredictability and hence security.
I could even see this being used in a "telnet" (ehem, ssh) like scenario where a traditional userid and password are the first level, then some quiz (arranging shapes or colors in a specific sequence for example) is the second level. Each would be easy to remember, combined it would be very difficult to guess both (or several).
Basically, I think there is a great amount of promise in this kind of research. Yeah, you can shoot down each method as flawed, but combine a few of the methods and you can get some very powerful and easy to use security.
The only athletic sport I ever mastered was backgammon - Douglas William Jerrold
And is there a particular reason as to why our passwords aren't MD5'd or SHA-1'd???
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
It's the "lost password" feature. /. may have changed it since the "incident" but when that happened they were just plain text.
/. may do that now I don't know because I haven't needed to use it.
The solution that most places use is to change your password to some randomly generated string and e-mail it to you rather than to e-mail you your old password. As I said
--
Garett
If I've used it for 15 years without it ever being compromised, why is it that nobody has ever hacked it, despite the fact that I use it in a number of places?
Well, since you asked:
Luck.
That's the only reason. Think of everything you'll lose when your luck runs out.
Detecting acceleration of the mouse is not an issue when the amount of movement is encoded in the sequence. Also, the initial position of the mouse is fixed upon boot.
It's easy to scan and parse where the user is going to be. After all, this is done in software anyway! It makes no difference if it is done on the host computer or a remote spying box.
byte   contents
0      1 L  R  Y7 Y6 X7 X6
1      0 X5 X4 X3 X2 X1 X0
2      0 Y5 Y4 Y3 Y2 Y1 Y0
MD5 is not an encryption scheme, and besides, if someone rooted slashdot it would be exceptionally easy to find anyones passwords out anyway. Expire logins, put a mailto: on the login, wait and have the passwords mailed to a disposable email address.
And SHA-1, that works great as long as your keyset isn't compromised. We're using SHA-1 at the company I work with, and using a rather obscure private/public keyset - it can't be random because it must be synched amongst a set of boxes, so it has to be calculated and predictable. However, someone would have to look at the code, and have root access to the box in order to crack the keyset. I think that's pretty secure, but it can be broken.
Everything is a risk assessment, you just have to see how your risks weigh in with the benefit. If you have an ultra secure login system, but it takes 20 minutes to authorize, that isn't very useful.
Dacels Jewelers can't be trusted.
If I've used it for 15 years without it ever being compromised
How do you know it has not been compromised? They could be holding on to it waiting for a good time to use it. They could be logging in, copying files, but not destroying anything that you would notice.
Why is it that everyone assumes they KNOW when they have been hacked? I happen to know my boss's server password and he has no idea that I know it and he does not change it. If I so desired I can read his mail at will, read my co-workers' reviews, etc. I don't, but I can. What makes you so sure that you have not been compromised and someone isn't surreptitiously using it?
A while back I discovered one of our servers had been hacked (we discovered a root kit had been installed). We never figured out exactly how long it had been there. Could have been as long as a year, and who knows how much vital data could have been taken over that period while we were blissfully ignorant. Bottom line, don't be so ignorant, a good cracker is not likely to be noticed! You may very well have been watched for years.
The only athletic sport I ever mastered was backgammon - Douglas William Jerrold
"Users simply remember exactly where on the images they clicked and in what order."
How is that better simpler and more secure? 99% of the people will simply click on the middle of the picture, and boom you're through. Of course then there might be instances where you have to click a minimum of 5 places, so suddenly everyone is clicking on each corner and then once in the middle.
Personally, I'd just as soon stick to my text passwords. I don't find my passwords hard to remember, as I utilize a sequence of rules to generate the password. That way I can choose a word (I usually like titles of Books/Movies/Albums/Songs) and run it through my little set of rules to produce a string of characters that bear little resemblance to the original word, but is still easy for me to remember, because I don't have to remember the actual password, just the methodology to get to it.
If by pictures for passwords, they had meant that you supplied (uploaded) a special image of your own personal creation, and then that image is authenticated using an algorithm that generates a key by the values of the pixels in the picture, and then matches it via a public/private ssh key authorization manner; that, I think would be pretty slick.
Well, I'll quit rambling now. I just don't see how clicking on parts of a picture is easier to remember or more secure than typing in a string of text.
RFC2119
In keeping with Microsoft's tradition of rarely doing its own innovation...
#DEJAVU
Many years ago somebody was selling Automatic Teller Machines that used this approach instead of numeric PINs. I wish I had a reference but this was way pre-Web (1970s).
Also, this was discussed at Usenix 2000 and CrypTec 99 - see:
http://paris.cs.berkeley.edu/~perrig/projects.htm
and on Slashdot on Dec 28, 2001
The only good weather is bad weather.
The database shouldn't be storing our password. It should be storing the hash of the password, from which you can verify it, but not recover the actual password string.
dominionrd.blogspot.com - Restaurants on
skuzzywhores.com now has downloadable pass-pictures of your favorite screen sluts, from Anal Ashley to Luscious Lydia! Why not have some fun with your security? Download 'em now!
Read the EFF's Fair Use FAQ
No, the security is still much tighter than a current password system:
Let's say you can narrow down the event to a 5 minute window (they took about a minute total to pick all 3 images randomly from different channels) and your local cable provides about 60 channels. That's 60 channels x 30 frames per second x 60 seconds x 5 = 540000
So the odds of the "password" being right on any given guess is 540000^3 = 1.57464 x 10^17
By comparison, an alphanumeric 8 character password (allowing caps) is 63^8 = 2.48156 x 10^14
So, the 3 images is much more secure. Adding just a fourth image makes for 8.50306 x 10^22 possibilities.
Factor in the fact that most television stations don't tape their broadcasts (except for live events), they mostly just log the tapes they play, and add to it outages and "technical difficulties", and static/picture noise on the receiving end, and you have a pretty secure system that shoots down the 8 character alphanumeric one.
The biggest weak point in this system is the transmittal of the images to your intended recipient. Best place for the feds to watch to get into the data. And if you can securely send images that unlock the data, why can't you send the data?
I'm out of my mind right now, but feel free to leave a message.....
No. The article a while back was about using sequences of images as a password. This one is about using a sequence of points within an image as a password.
First of all, that one was different (this requires you to click in very particular places in the pictures, not just on the right pictures), and secondly most of the comments on that were "This is stupid" and all the downsides. This idea has even more downsides than that.
Visit me on #weirdness on the Galaxynet.
I work with adaptive equipment where I work. It has become increasingly frustrating over the last few years. 1) Several prominent habits when designing web pages (lack of ALT tags for images, a lack of non-Flash options on popular web sites, and visual enhancements that are lost on people who can't see them) keep many people with visual disabilities from finding what they need or want on the Internet. 2) Many in the school I work in are taught to not use the mouse and use keyboard shortcuts. Technically, there are mouse emulation procedures by using the numpad, but they are not loaded until after Windows loads completely. This is especially true for a terminal that is shared by sighted and non-sighted users. 3) I have found that most of the users that I teach and support are not willing to relearn to use their computer every few years. Many of them are still on Windows 98 because many pieces of their adaptive equipment/software are not available for Windows XP yet. Even trying to run them in emulation mode doesn't guarantee much success. With these in mind, the picture might be viable, but only as an alternative for people who cannot grasp the importance of good passwords. Yes, many of the visual passwords will be fairly simple to solve. Yes, it will be harder to administer visual passwords. Yes, many people will find the idea too complicated when it is supposed to simplify logins and make them more visually appealing. Personally, I would want to keep to using long alphanumeric passwords. But then there are people like where I work that want things as simple as possible.
This
Market droid: Our research indicates that our users aren't being humiliated nearly enough.
Pointy haired boss: Why don't we make them play pin the tail on the donkey before they can use the system?
Engineer: I suppose I could work it into the login sequence.
And now I'd like to complain about the increasing retard-ification of our society. How can people be unable to choose a few non-obvious passwords (hell, just some random sequences of alphanumeric characters will do) and remember them with a mnemonic device?
I assume you're referring to my secretary, who seems to believe that the little light at the top of the keyboard (the one with the words "CAPS LOCK" next to it) is the power light for the keyboard. The one who didn't understand why I wouldn't give her an Administrator account, since her job includes administering some of our (expense) accounts. (She pouted for two days over that one.) The one who refuses to log out of her machine at night, because she likes coming in to work and having her computer ready for her? (Note, that point applies to many of my co-workers.) The one who made me turn off the 30-day password cycling, because she didn't want to remember "all those passwords."
The real problem here is that these people don't see the need for security. They think of computers as fancy toys, and maybe something to write letters. "Big deal--you don't need security for that. I don't care if somebody reads my letter to my brother, or plays my games." While that may be fine at home, I'd really rather people not get into our financial accounts, or our grade records (I work at a university). "Well, who would want to?" Well, for starters, any student who has a grade on that system. Anybody who'd like a little extra cash, from our pockets.
The real problem isn't that they can't use a decent password, it's that they don't want to, because they don't see the threat. Until this changes, nothing will change.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
Sure. I completely agree but it still doesn't really matter who's liable. The fact is that it happened in the first place.
I mean let's say my house were broken into. I would definitely want the sob who did it to be thrown in jail, but even after he were it would still suck that it happened in the first place.
And to solidify your point let's say the house wasn't mine but it was a friend of mine and I was house sitting. I should have some sort of obligation to my friend to keep the house locked. I mean that is why I'm house sitting isn't it? To make sure it's locked up and safe and that the cats are fed.
So play it safe. Don't use the same password for everything.
--
Garett
And SHA-1, that works great as long as your keyset isn't compromised. We're using SHA-1 at the company I work with, and using a rather obscure private/public keyset - it can't be random because it must be synched amongst a set of boxes, so it has to be calculated and predictable. However, someone would have to look at the code, and have root access to the box in order to crack the keyset. I think that's pretty secure, but it can be broken.
Off topic, but I'm intrigued. Are you saying that your company uses a single, fixed key for salting and hashing passwords for authentication, and the system relies on the key being kept secret? This sounds worse than windows networking authentication! For the love of Athena, use Kerberos or a mutually authenticated SSL system. Usually home-brew == brain-dead. There are ways to use hashes for zero-knowledge proofs, but this doesn't sound like one of them. It sounds like you're wide open to a blackhat replaying authenticators.
Has anyone analysed your system? You seem to imply that you think SHA-1 is an encryption method. SHA-1 and MD5 are both hash algorithms, which can be used as primitives in a vast array of applications, including the basis for block or stream ciphers. However, your statements seem troubling. There are libraries for doing almost anything securely. The simplest to use would probably be SSL, and if you're really starved for CPU power, you can use authenticated but unencrypted SSL traffic.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
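The objection above (a single fixed, secret salt for every user) can be shown concretely. This is an added example, not the commenter's company code: the fixed-salt scheme beside a per-user random-salt scheme with an iterated hash, and a check that shows why the first one leaks more than the second. The site-wide salt value is a constructed placeholder.

```python
import hashlib
import hmac
import os

# Constructed placeholder for the "obscure keyset" kept in the code (hypothetical value).
FIXED_SECRET_SALT = b"site-wide-secret-assumed-for-illustration"


def fixed_salt_digest(password: str) -> bytes:
    """The scheme under discussion: one secret salt shared by every account.

    Two users who pick the same password get the same stored digest, so one
    compromised account (or one precomputed table, once the code is read)
    covers every account using that password.
    """
    return hashlib.sha1(FIXED_SECRET_SALT + password.encode()).digest()


def make_record(password: str, iterations: int = 100_000) -> dict:
    """Per-user random salt plus an iterated hash, stored next to the username.

    The salt need not be secret; it only has to differ per user, which is what
    defeats shared precomputation.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha1", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def same_password_collides(scheme: str, password: str = "Passw0rd!") -> bool:
    """Do two accounts that chose the same password store the same value?

    scheme == "fixed":  yes, always (the weakness the reply points out).
    scheme == "random": no, the per-user salt separates them.
    """
    if scheme == "fixed":
        return fixed_salt_digest(password) == fixed_salt_digest(password)
    first, second = make_record(password), make_record(password)
    return first["digest"] == second["digest"]
```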
This means that an automated procedure can be developed to locate image's regions that are sufficiently visually different from the surrounding areas, and then the "clicking attack" can be mounted only against those areas. It will significantly reduce the crypto strength. For example, if you have two people on the photo, each with 5 key points, you have an alphabet of 10 "digits" (each corresponding to a key area), and if you do 6 clicks on this photo you are producing 6-digit number, so you have 10 million combinations. This is a very low count, and it can be cracked quickly. If the user clicks on 2 or 3 key points of the image then the number of combinations drops very fast.
But even without an automated cracker, it would be trivially easy to break in. A human that walks up to a secured computer can see the image, and he locates those key points himself. Then he can click on various points in hope to recover the pattern.
Another very bad side effect is that if the legitimate logon is observed without looking at the screen - which is common in office space - then the attacker can hear the number of mouse clicks, and can see the user's hand moving the mouse. Then the attacker can guess the pattern; the number of clicks tells him how complex the attack will be.
Personally, I believe that the best local authentication device is a USB dongle with a small chip inside. You are issued one, or buy one for $10. Plug it in, get authenticated. Unplug and take with you - nobody will log in as you. This can be used remotely too, combined with the crypto glue (the USB dongle can have your secret key, and it can be used to sign the login cookie, for example).
If it makes you feel better you can always use an image of asterisks as you password.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
I never thought I'd finally be able to use my ass as a password.
"Derp de derp."
Even they realized that most people would likely have some variation on one favorite gesture to use with MS software.
And complex gestures would begin to resemble an arcane and ancient magic ritual. (which is an idea for a sf story someplace)
"It is a greater offense to steal men's labor, than their clothes"
This sounds like yet another attempt to make things "easier", with no understanding or attention to the security ramifications.
Passlogix has a similar password scheme. You click on a number of objects to create a password.
Sounds good, but it turns out to be very bad.
It turns out that the number of objects used on the screen made for less combinations than you would have if it represented a letter of the alphabet. (About 28 combinations per "drag".)
It gets worse. Due to the way the interface works, it becomes prohibitive to make large passwords. (A keyboard is much faster.) The interface Passlogix used was drag and drop. Icons are not going to be much better. (You only have so much screen area to work with.)
Passlogix did one even better though... They made the order of the password not matter. (So "AAB" and "ABA" and "BAA" were equivalent.) For small passwords, it removes a fair chunk of the combinations. For large passwords, it removes almost all of it. (95% at 5 characters and it gets worse from there.) I expect similar things from Microsoft if they actually do this.
I have suspected that Microsoft considers most of their users to be illiterate. It frightens me when I see evidence that my worst fears are confirmed.
"Trademarks are the heraldry of the new feudalism."
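The keyspace arguments in this post and in the earlier "clicking attack" post (hotspots as an alphabet, then order-insensitive matching) can be put into one calculator. This is an added example, not code from Passlogix or Microsoft: it counts ordered and unordered click sequences over a given number of hotspots, converts to bits, and expresses the result as the length of an ordinary alphanumeric password with the same keyspace.

```python
from math import comb, log2

ALNUM = 62  # upper + lower + digits, the usual comparison alphabet


def ordered_keyspace(hotspots: int, clicks: int) -> int:
    """Each click lands on one of `hotspots` regions and order matters."""
    return hotspots ** clicks


def unordered_keyspace(hotspots: int, clicks: int) -> int:
    """Order ignored, as described for Passlogix above.

    "AAB", "ABA" and "BAA" collapse to one value, so we count multisets:
    C(hotspots + clicks - 1, clicks) ways to pick `clicks` regions with repeats.
    """
    return comb(hotspots + clicks - 1, clicks)


def entropy_bits(keyspace: int) -> float:
    """Guessing work for a uniformly chosen secret from this keyspace."""
    return log2(keyspace)


def equivalent_alnum_length(keyspace: int) -> float:
    """How many random alphanumeric characters give the same keyspace."""
    return entropy_bits(keyspace) / log2(ALNUM)


def fraction_lost_by_ignoring_order(hotspots: int, clicks: int) -> float:
    """Share of the ordered keyspace that disappears when order is ignored."""
    return 1 - unordered_keyspace(hotspots, clicks) / ordered_keyspace(hotspots, clicks)


def summarize(hotspots: int, clicks: int) -> dict:
    """One row of the comparison for a given image and click count."""
    ordered = ordered_keyspace(hotspots, clicks)
    unordered = unordered_keyspace(hotspots, clicks)
    return {
        "ordered": ordered,
        "ordered_bits": round(entropy_bits(ordered), 2),
        "ordered_as_alnum_chars": round(equivalent_alnum_length(ordered), 2),
        "unordered": unordered,
        "unordered_bits": round(entropy_bits(unordered), 2),
        "lost_by_ignoring_order": round(fraction_lost_by_ignoring_order(hotspots, clicks), 4),
    }


if __name__ == "__main__":
    # The two-people, five-points-each photo from the earlier post: 10 hotspots.
    for clicks in (2, 3, 6):
        print(f"10 hotspots, {clicks} clicks:", summarize(10, clicks))
    # The 28-symbol Passlogix figure quoted above, 5 drags.
    print("28 symbols, 5 drags:", summarize(28, 5))
    print("8-char alphanumeric bits:", round(entropy_bits(ALNUM ** 8), 2))
```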
Indeed, but...
And they would probably lose quite badly.
Yes, but only after dragging out the suit for 10 years. After which time, the object of the suit will be deemed obsolete, and the affair will be quietly shelved before any penalties are decided.
Say no to software patents.
I imagine you are correct, it doesn't matter whether or not the technology exists, only if people use it :-)
dominionrd.blogspot.com - Restaurants on
I could never remember which cheeses to click to get past the nag screen for Monty Python's Complete Waste of Time (or whatever it was called); why on earth would I remember any better which body parts, mammals, and reptiles to click in what order so I could log onto my computer??
:)
:)
Or as a friend once put it, "I don't need pictures. I can read and write."
More seriously, it occurs to me that unless the images came up in a random order each time, password sniffers would merely need to record mouse click position. And once the password images were ID'd.. Hmm. ISTM such images should be user-defined to be more secure, because otherwise sooner or later some sniffer is going to know how to ID the OS-supplied images that were clicked, regardless of screen placement.
I just had this vision of people using their fave porn thumbnails as their password images, leading to this:
Invalid password: you must include at least two tits, one ass, and one other body part.
(thanks to whoever made the post that inspired this)
~REZ~ #43301. Who'd fake being me anyway?
"Seems like you'd have to be really careful not to exclude the color blind. And the actually blind. Or just those with bad vision, or really poor visual memories."
And the dead- don't forget the dead.
Just because someone is no longer living doesn't mean they no longer have the right to log in to their computer.
There are important issues here. Let's examine recent ideas of identity verification and how they affect the long dead, recently-deceased and undead:
1) Fingerprint recognition: Bad- the flesh on your fingers may have all decomposed by now.
2) Retinal scan- As above- eyeballs may be decayed or too badly damaged to scan, depending on your method of death.
3) Voice recognition: Again, bad.
Computer: "Please speak your name for identification."
You: "Urrrrreeeeeuuuurgggghhhhhhh"
Computer: "Not recognized"
4) Clicking on parts of pictures. Hmm, may run into same problems as the blind due to loss of eyeballs, and let's face it, if you're a zombie, do you really want to sit there pissing about with a mouse?
5) Traditional keyboard entry of password. Excellent. Undead have 'leet typing skillz, as immortalized in the game "THE TYPING OF THE DEAD"
graspee
Speaking of chips and dongles, while we're talking about passwords that can be physically stolen :) ...How about a floppy containing a user-generated graphic file? Presumably this could be compared to a hash stored on the machine as easily as could a string of characters, and no one sees it other than whoever created it. Seems to me this would be a lot cheaper than a chip and a dongle, could be used much more widely, would be the equivalent of a VERY long alphanumeric password, and would be no more subject to physical theft than a dongle. (Perhaps less, since the floppy could be hidden in plain sight, perhaps in a drawerful of similar floppies.)
:)
I've had two mildly insane ideas from a single article, clearly it's time to put myself away now
~REZ~ #43301. Who'd fake being me anyway?
They will just count on the fact that most people won't care. Have you seen any public relations backlash due to the numerous corporate (or worse: governmental) IE-only or javascript mandatory pages? I sure haven't... although those cases effectively discriminate against the blind, making it impossible (or difficult) to access said content using a lynx browser and a braille line. For an especially funny example, point your IE browser to the "Tommy rumor" page. Then, try the same thing again with konqueror, netscape or lynx, or just with java script switched off. Yes, Tommy Hilfiger doesn't care whether you have the right color of skin when you wear his clothes, but he sure doesn't want you to browse his site if you're blind! And have you noticed any publicity backlash against this? I sure haven't...disabled people just don't have the same kind of clout that the blacks have.
It would just be much easier for them to make it compatible in the first place.
Yes, it would be much easier for them, but they like so much more to behave like pricks. Have you ever tried calling up a web design firm because of their IE-only page? Most claim it would be very difficult to make it compatible with other browsers, where in reality a simple browse-source reveals that they are intentionally shutting out other browsers. Certain web design companies even have the gall to attempt to pressure their customers to not make their pages compatible, even after delivery (needless to say, we just ignored their feeble attempts of intimidation...eventually, they mirrored our site under their own URL, with the anti-disability provisions put back into place...)
Say no to software patents.
The perfect dictionary file for the new "crack" program: images.google.com
To me, it sounded like you were using a fixed salt to generate your authenticators from passwords, and you somehow needed the salt kept secret.
The only issue with Kerberos is that you MUST have secure passwords. I know plenty of MIT students with bad passwords who think their kerberized telnet sessions are secure.
Too bad they don't have well analyzed systems of DH group exchange encrypted with the user's str_to_key(passwd) and the kerberos ticket encrypted with the DH negotiated key. That would help prevent problems with sniffing encrypted tickets and performing offline attacks against bad passwords. (You could still perform attacks against bad passwords, but you would force them to be active attacks.)
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
MD5 is not an encryption scheme,
Well, it is a hash, which is a "One Way Encryption" scheme. I never said the PW's needed to be recoverable.
if someone rooted slashdot it would be exceptionally easy to find anyones passwords out anyway
I'm not following. Are you saying that a brute force would be easy? This has to do with the individual's PW strength. If I have a strong password, I don't think someone cares to use 3 months of CPU to try to get it.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
I don't have to remember a lot of passwords, because I don't use a lot of passwords. How is this a solution? Well, for any and every account that doesn't matter (e.g. hotmail spam account, anything I sign up for) I use the same, stupid password. I don't care if someone hacks those accounts, all they'll get is all the fake information I entered when I signed up. Then I remember 5 complex passwords (8 chars or more, mixed caps, multiple non alpha chars) for the 5 things that are important.
And those are easy to remember, because they're usually phrases, shortened: "There's no Sex in the Champagne Room!" gives me: "TnSitCR!" as a password. Easy to remember, hard to crack.
Jake
Dating: while( 1 ){ call_girl(); get_rejected(); drink_40(); } return 0;
Better to use a user-generated random file.
Presumably this could be compared to a hash stored on the machine as easily as could a string of characters
This would be bad because you'd be leaking the secret key (your graphic/random file) to possibly compromised computer.
The better solution would be to send challenges to the dongle, and it would respond appropriately (signing them with its secret key, for example). The floppy can't do it.
Seems to me this would be a lot cheaper than a chip and a dongle
A floppy costs $1. A dongle costs $10. They are in the same price range. However a floppy wears out, can be easily demagnetized, bent and otherwise damaged. It can also be duplicated without stealing it, so you'd never know that someone is using your access rights for months... The floppy is also BIG and unwieldy to carry around, but a USB dongle on a keychain is no problem (I have a HASP4 dongle in front of me right now.)
[a floppy is] no more subject to physical theft than a dongle
As I just said, you can't duplicate the dongle, so someone has to physically steal it. But if you are really concerned about theft of the dongle then you can attach a passphrase to it, and enter it securely by, for example, pressing one of three little buttons on the dongle itself, in response to LED flashes. This is very safe because this passphrase input method bypasses the possibly insecure computer that the dongle is plugged into.
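The difference the reply draws between a floppy (the secret itself is handed to the host) and a dongle (the host only ever sees challenges and responses) can be modelled in a few dozen lines. This is an added example, not the HASP4 or any real token's API: the dongle is a class that keeps its key private and answers HMAC challenges, the verifier issues single-use random challenges, and a host-side capture log shows what a compromised workstation learns under each scheme.

```python
import hashlib
import hmac
import os


class Dongle:
    """Hypothetical token: the key is set once and never leaves the object."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Only a keyed digest of the challenge crosses the USB cable.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeVerifier:
    """Server side: knows the user's key, issues single-use random challenges."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def check(self, challenge: bytes, response: bytes) -> bool:
        # A challenge that was never issued, or already consumed, is rejected,
        # so a captured (challenge, response) pair cannot be replayed.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def dongle_login(dongle: Dongle, verifier: ChallengeVerifier, host_log: list) -> bool:
    """Login through a host that records everything it sees."""
    challenge = verifier.challenge()
    response = dongle.respond(challenge)
    host_log.append((challenge, response))  # no key material in here
    return verifier.check(challenge, response)


def floppy_login(stored_digest: bytes, floppy_bytes: bytes, host_log: list) -> bool:
    """The floppy scheme: the file contents are the secret and the host reads them."""
    host_log.append(floppy_bytes)  # the secret itself is now on the host
    return hmac.compare_digest(hashlib.sha256(floppy_bytes).digest(), stored_digest)


def replay_from_log(verifier: ChallengeVerifier, host_log: list) -> bool:
    """What a host that captured one dongle exchange can do with it later: nothing."""
    challenge, response = host_log[-1]
    return verifier.check(challenge, response)
```

With the floppy, whatever the host logged at the first login is enough to log in again; with the dongle, the logged exchange is rejected as a replay and the key was never exposed.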
All likely good arguments, tho I was aiming my make-it-up-as-I-go-along at the same market as might be interested in "click on the pictures" passwords (which personally I think is nuts :)
:) Remember this is aimed at a password solution that could readily deploy on a massive corporate scale, and would reduce the "I can't remember my password" problem. (Beings how I'm less than impressed with the "click the pictures" notion.)
:)
What I had in mind might be something that could be installed over a network and used to generate login passwords for each person using a given workstation -- save the password to a floppy, and then there's no need to remember a complex password, and no need to issue dongles to everyone. If the password is also passed back to the sysadmin's own machine, the workstation can still be got into (and the password changed) if the employee hits the streets or loses their floppy.
Mind you, I'm just throwing out whatever ideas come into my head; some may need to be thrown a bit further, say into the bit bucket
Of course, for real fun, everyone could switch floppies and pretend to be someone else
~REZ~ #43301. Who'd fake being me anyway?