Authenticating With Your Mouse?

← Back to Stories (view on slashdot.org)

Authenticating With Your Mouse?

Posted by Cliff on Saturday February 1, 2003 @03:15PM from the obscure-but-cool dept.

degauss asks: "I am looking into various authentication schemes form my home machine, and one that I thought would be interesting would to be having a dummy login screen up with a user/pass prompt, but instead of entering a user/pass, you click at certain points on the screen in certain rytmhmic patterns (all of this is of course unknown to any unauthorized users, who will pound at the password for years). I was wondering if there it any such software or interface currently being developed, as it provides an interesting [semi-]biometric security solution without dumping a ton of cash on new hardware."

2 of 58 comments (clear)

Min score:

Reason:

Sort:

Don't count on obscurity by bkhl · 2003-02-01 15:24 · Score: 5, Insightful

I don't know if this would work. I guess it would really give you less variation in possible passphrases than a normal password.

Maybe if you were to 'draw' the password on the screen and the computer would both use the password and analyze the writing it could give you an extra level of security. That would probably work better with a stylus or a touch screen than with a mouse, though.

As for hoping for people to try to type in passwords instead of using the mouse, that is only security by obscurity. Don't trust that.
1. Re:Don't count on obscurity by ShmuelP · 2003-02-01 15:52 · Score: 4, Insightful
  
  As for hoping for people to try to type in passwords instead of using the mouse, that is only security by obscurity. Don't trust that.
  
  By the way, relying on people to not type in your password is security through obscurity. Don't trust that. :-P
  
  Seriously though, if you are going to use clicking as a password, you need to treat it the same way. Since anyone who watches you could easily see where the mouse is moving, this would be similar to letting other people watching the keyboard as you slowly typed your password: not a good idea. Even worse, a tempest-like system would allow someone to watch your "password", without your even seeing a person there!
  
  Instead, I would suggest drawing as an extra layer of security before the password. Meaning, you have to draw the "password" before typing the real password. If you don't draw the correct "password" first, then even the real password isn't accepted.
  
  --
  Solution to blink tags: wrap them in another blink tag, with a javascript delay loop, so they cancel each other out