Slashdot Mirror

← Back to Stories (view on slashdot.org)

Authenticating With Your Mouse?

Posted by Cliff on from the obscure-but-cool dept.

degauss asks: "I am looking into various authentication schemes form my home machine, and one that I thought would be interesting would to be having a dummy login screen up with a user/pass prompt, but instead of entering a user/pass, you click at certain points on the screen in certain rytmhmic patterns (all of this is of course unknown to any unauthorized users, who will pound at the password for years). I was wondering if there it any such software or interface currently being developed, as it provides an interesting [semi-]biometric security solution without dumping a ton of cash on new hardware."

9 of 58 comments (clear)

  1. tinfoil hat by Hubert_Shrump · · Score: 3, Funny

    tinfoil hat linux does this, to some degree. IIRC, The login screen is called "arcade mode" for good reason.

    --
    Keep your packets off my GNU/Girlfriend!
  2. Don't count on obscurity by bkhl · · Score: 5, Insightful

    I don't know if this would work. I guess it would really give you less variation in possible passphrases than a normal password.

    Maybe if you were to 'draw' the password on the screen and the computer would both use the password and analyze the writing it could give you an extra level of security. That would probably work better with a stylus or a touch screen than with a mouse, though.

    As for hoping for people to try to type in passwords instead of using the mouse, that is only security by obscurity. Don't trust that.

    1. Re:Don't count on obscurity by ShmuelP · · Score: 4, Insightful

      As for hoping for people to try to type in passwords instead of using the mouse, that is only security by obscurity. Don't trust that.

      By the way, relying on people to not type in your password is security through obscurity. Don't trust that. :-P

      Seriously though, if you are going to use clicking as a password, you need to treat it the same way. Since anyone who watches you could easily see where the mouse is moving, this would be similar to letting other people watching the keyboard as you slowly typed your password: not a good idea. Even worse, a tempest-like system would allow someone to watch your "password", without your even seeing a person there!

      Instead, I would suggest drawing as an extra layer of security before the password. Meaning, you have to draw the "password" before typing the real password. If you don't draw the correct "password" first, then even the real password isn't accepted.

      --
      Solution to blink tags: wrap them in another blink tag, with a javascript delay loop, so they cancel each other out
  3. Along the same lines... by thecampbeln · · Score: 5, Interesting

    How about using both of these ideas together? Have it to where even the correct username/password is not accepted unless the user clicks on the right section of the screen, or right sequence of sections of the screen in place of simply clicking "Ok"!? So in essence the "Ok" button would be a dummy and the correct "button" would be another portion of the screen entirely?

    --
    "1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
    1. Re:Along the same lines... by Motherfucking+Shit · · Score: 5, Funny
      So in essence the "Ok" button would be a dummy and the correct "button" would be another portion of the screen entirely?
      Good idea. I propose that we give the real button the appearance of the Pi symbol, and place it in the far lower right-hand corner of the screen... ;)
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  4. How about.... by orthogonal · · Score: 3, Funny

    How about logging in by executing some steps on your Dance Dance Revolution pad?

    --
    Opinions on the Twiddler2 hand-held keyboard?
  5. Re:drawing and puzzles by bpb213 · · Score: 3, Funny

    "Creating a drawing would be a great way to authenticate for some people"

    Want to take a bet on how many stick people you get as passwords? :)

    --

    This .sig looking for creative and witty saying.
  6. Non-typing passwords... by Crash+Gordon · · Score: 4, Interesting

    Many years ago, I needed to secure my work PC (a spanking-new IBM XT-286) from the night shift; since I was doing CAD I had an EGA and a fast machine so my office became the midnight game room.

    I wrote a routine which put a login prompt on the screen, and then waited for a particular cadence on the DTR line of COM2. I patched this code into some blank space on the EGA's BIOS extension ROM, and executed it before the keyboard was even enabled during POST :-) COM2 had a plotter attached & I would turn the plotter on and off appropriately to boot the system. I never booted when there was somebody else in the room.

    Then came a change in company ownership, with its attendant politics... I was canned on a Friday afternoon with no notice whatsoever. Nobody asked about my password. Of course the vultures descended on my office, and among the first things to go was the plotter. No plotter, no password.

    Apparently after several frustrating weeks in Software Engineering the PC was returned to IBM for an expensive "repair" -- if someone had asked I'd have told them to swap the original EGA ROM from my desk drawer back into the EGA. Nobody asked.

    1. Re:Non-typing passwords... by karnal · · Score: 3, Interesting

      Sort of offtopic:

      I was perusing various car sites a while ago, looking for fix-it information on my car. I found an interesting thing that someone had done for a kill switch: they integrated a push of the passenger's window "up" button (on the driver's side only) to allow the passlock 2 (GM) signal to the ECM.

      Kind of a neat hack, seeing as if you didn't tell anyone, and no one paid close attention as you started the car, they probably wouldn't pick up on the trick. However, one of the dumber things you can do in that situation is post it on the internet for all to see..... Guess that's why you didn't announce your "lock out" until well after you were finished with that type of security.

      Kudos as well to you, though -- that was a neat trick. Almost makes me wish I was more into hardware (like I was as a teenager)....

      --
      Karnal