Slashdot Mirror
Inkblot Passwords
TechnoPope writes "Microsoft Research a new way to get users to not only develop, but remember more secure passwords can be achieved through using inkblots. Because of how the human brain works, you can show the same pictures to different people and almost always come up with different passwords. What's even crazier, is that people generally are able to remember the complex passwords. Sounds like a major breakthrough in security."
Anyone else see these shapes?
butterfly swimmer
recycle logo
WWE Smackdown Enterance
Helping Hands
Evil Eyes
Person Gasping
Turtle man
Boys Spitting
Batman fighting
Batman flying
with an end password of brrowehsespgtnbgbgbg
Hmm, maybe i shouldn't of shared that. This seems to be a really cool system. I look forward to MS adding it to passport!
Blot number 10 would be "Bn": Batman having sex with Catwoman.
From the movie Van Wilder:
Random man (being shown an ink blot picture): "DUDE! It's a guy... and he's giving a circumcision... to HIMSELF!"
How exactly would his password turn out?
If they showed this to the /. crowd:
. .
:)
User1: It's Natalie Portman, i mean look at those curves . .
User2: Beowulf cluster of Linux boxen!
User3: Its the dead body of Steven King.
User4: Hot Grits . . . definately .
User5: In Soviet Russia, the inkblots analyze you!
Think I covered them all
Your hair look like poop, Bob! - Wanker.
An innovative, potential useful idea coming from Microsoft?
I can't figure out which is more incredible - that, or the fact that the story got told here...
Stop by my site where I write about ERP systems & more
I would love this so much more, and find it much more useful, if Steve Jobs had thought of this.
They'll make a total mess of
Trolling is a art,
Great. Now every password will have something to do with sex.
NetInfo connection failed for server 127.0.0.1/local
I used this system, with 5 different inkblots to generate my 5 most important passwords. They are, in turn:
o ther
MyMother.
Mom.
MyMother.
Momagain.
and
MyM
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Here is some more of our favorite Slashdot composition style for your pleasure.
"Microsoft Research a new way to get users to not only develop, but remember more secure passwords can be achieved through using inkblots."
Makes one want to weep really.
Here's the passwords I came up with:
Inky
Blotty
inkblotty
inkyblot
I bet there's not too many of these. Put 'em in a wordlist, and, bang!, you're a hacker!
Best Windows Freeware
Its obvious number 7 is a frog getting blown by a kitten and fucked doggy style by something with wings. All the rest are my mother.
We ask you to look at the inkblot, see whatever you see in the inkblot, and type a short abbreviation of what you see. The first and last letter works well.
/.er's computer would be P[]Y, T[]S, A[]S...
Sounds to me like this is tailor-made for dictionary attacks. The only letters you'll need to break into any
(Oh, crap, I'd better post AC or else I'll lose my squeaky-clean image!)
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
cscscscscs Too many guys are going to see a "chick with big hooters" in every blot.
This post is dedicated to all of those
"Take your own inkblot test - what do you see in these blobs?"
1. nothing whatsoever
2. fat black sumo wrestler with purple arms doing the splits
3. goatse with chopsticks
4. CowboyNeal's legs in blue spandex
5. two Chinese soldiers looking longingly at each other
6. abstract goatse
7. A black man with bad posture, a green afro, and wings coming out his ass.
8. Blueberry people flanking goatse.
9. A very fat superhero.
10. Birdman does it doggie style. Possibly with goatse.
Based on this argument, start off with a password of sxsxsxsxsxsxsxsxsxsx.
Seriously, the problem is that with this method the password gets written down. OK, what's rule 1 of security? A written password is a potentially compromised password.
Panurge has posted for the last time. Thanks for the positive moderations.
About 30 years ago, I took part in a psychological experiment that had to do with ink blots.
There were 4 test subjects and the psychologist in the room. He'd show an ink blot to each test subject in turn and record the responses.
I was test subject #4.
On the first ink blot, the first three all said the same thing and I said something different.
The second ink blot went like the first.
I remember that on one ink blot, the guy next to me tried to argue with me into agreeing with him, but I didn't.
In fact, in the entire series of ink blots, the only time I agreed with anyone else was the one time he asked me first. Then everyone else agreed with me.
It turned out that there was only one true test subject, test subject #4. The rest were in cahoots with the psychologist.
The purpose of the experiment was to measure our socialness. The psychologist was rather upset with me because I was way off the curve and told me that I was the most anti-social person he had ever met.
That's something coming from a psychologist who worked at a state reformatory.
Anyway, back on topic, I tend to use passwords that are quite long usually by stringing unusual words together or by creating nonsensical sentences. In both cases, unusual spelling, punctuation, and capitalization are present.
20 characters just doesn't seem enough.
I think this method would be great when paired with the previous laughing recognition method presented here
I mean:
1 - Computer displays inkblot
2 - User begins to laugh
3 - login
4 - PROFIT!!!
how long until
18 months after MS decides security is important and lauches the biggest security review in history, they spent 10000 man hours and 10's of millions of dollars to determine that:
Stubblefield, and his manager at MSR, Dan Simon, knew that people are the weakest link in secure computing environments
Bad boys rape our young girls but Violet gives willingly.
...that nearly every single inkblot reminded me of biology textbook diagrams of female reproductive organs. Except for the ones that reminded me of a upskirt view of a woman's exposed genitalia.
Posted anonymously, because I'm sure I'm going to hell for this as it is....
So, this interviewer asked me to look at a picture and tell him what I saw. I told him it was too embarasing....
;-]
He said, "No, it's ok. Everyone sees something different."
So I told him, "Well, to *me* it looks like pattern number 7 in the Rorschach test for obsessive compulsive dissorder." But, then he got all depressed so I said, "Ok... it's a password prompt."
[with appologies to Emo
Using a more secure password to log into a less secure box.
It wastes your time, and annoys the pig.
Secur!ty H013
Five Dolla Moddy-Moddy?
Did anyone else think of, "don't use IIS"? Maybe this isn't so secure after all...
No, I didn't think of that, not specifically. Let's see. What does IIS have to do with this? What does the topic of the article and web server security have to do with this?
You've never seen an Apache server barf with mySQL and "too busy" errors? Perhaps the bandwidth is a more important consideration. Yes. For example, eBay uses IIS. Have you ever heard of eBay being borked? I haven't. Ditto for Dell.com, Microsoft.com and all the other high-traffic sites out there that use IIS.
Now, I'd recommend returning to whatever rock you crawled from under and staying there. Your useless and off-topic attempts at lame humour are a waste of brain cells.
Even if they torture you, you can't reveal it.
:)
Whoa! Fuck that! I am not a secret agent! I want a password I can reveal BEFORE torture!
WWJD?
JWRTFM!
1. Amputee Gymnast 2. Offspring of Dominek Hasek and Donkey Kong. 3. Grinch Performing Root Canal on Mick Jagger. 4. Fuzzy Bunny Foot Cuffs. 5. Oddly Colored Shepard's Pies in Urine Sauce. 6. Invisible Woman Donning Red Brassiere. 7. Flying Amphibious Baker. 8. PBS Logo from Mars. 9. Insignia if Visitors from Planet of Butterfly-men. (and women). 10. Space Wolf. Hope this helps... .
--If 50,000 people say a foolish thing, it is still a foolish thing.
Hmmm, microsoft.com is still working ?
We /.ed part of the evil empire atleast !!!
What ? These guys actually are innovative ? So, we hit the only non evil part of the empire ...
"However beautiful the strategy, you should occasionally look at the results" - Winston Churchill
I just think that it was really cool that an intern came up with the idea. I wish that the ideas that I come up with at my internship would end up on the front page of slashdot.
Hey, what do you call that psychology test, the one where they show you all the pornographic pictures?
Do you mean a Rorschach Test?
Yeah, that's the one!
Can anyone tell me how to set my sig on Slashdot?
Based on your results on this carefully conducted Rorschach test, your psychological profile is incompatible with our company's image and needs. Security is waiting at your cubicle to escort you from the premesis.
Bleh!
. . . hereClarencecomes
Oh, sure, maybe they'll get lucky with the first 16 letters or so, but they'll never guess the next few hundred.
KFG
You make a better inkblot, we'll make a better idiot.
Sticks and Stones may break my bones, but copyright will always protect me.
Well I think it is proven that different people see different things when looking at these shapes. Here is a complation of what people have said so far. And yes, it did take friggin' long to compile this:
Please blame the lameness of the formatting of this list on slashcode: "Your comment has too few characters per line (currently 20.0)."
Image 1:
-butterfly swimmer, Snooty Nose, mantle, Mask and dress, Mugatu from Zoolander, Person with hands behind back looking at feet
-Two birds on a tree with two dogs breathing fire -on them, Angry hippie, diablo howling into the air, A rabbit with horns lifting weights, Angry robot with guns
-Strongbad, Fighter Plane, Two birds singing, Missouri, tripod mortar
Image 2:
-fat person stretching, Christian Slater, Bear in a T-shirt, Board Meeting, Gravity challenged lady in lycra super hero outfit doing the splits
-Sumo wrestler on his ass, Jabba the hutt wearing a cape, fat sumo man in his fight stance, Squatting sumo, Cartman (I haven't even seen many SP episodes)
-Headboard or a bed, A gorilla in sweats doing a split, Fat woman stretching, linebacker, Kneeling fat man, recycle logo
Image 3:
-WWE Smackdown Enterance, Transformer, two hands, Zoro meets Willie Nelson, Someone eating coffee grounds from a filter with chopsticks
-Bob the Tomato from Veggie Tales, Someone drawing with both hands, Knitting a fez, one of the things from the movie Gremlins, An ambidexterous person writing with both hands
-Two bunny rabits eating guts, Bee face close up, Cockpit, Tropical island with two palms without tops, Obviously Goatse, buglike jetboat
Image 4:
-bushy woman on the shitter, Oak leaf, Hands washing black socks, LAN Party, Woman with grey arms force feeding candy to two children
-Batman's crotch, A large table saw designed to work in a gravity-less environment run by a tip driving magnetic motor, pelvic bone yo
-Hands full of glue, I have no idea. Nothing comes up., Comfy slippers , Feet of a reclining person
-Woman with panties down doing the Charleston, knees, Earmuffs, Evil Eyes
Image 5:
-Person Gasping, Pierre and Pierre, two faces, Two green berets talking, Two ice cream cones, Arab looking in a mirror, Two weeping men with large green hats
-Rastafarian argument, two men crying as they face eachother with big puffy green hats, two frogs wearing hats sticking their tongues out, Two green berets with black eyes, Two malnourished mullah's with camouflaged hats discussing the art of fellatio,
-Osama, Two boys playing soldiers, Trent Reznor, two eyes with big green brows
Image 6:
-grinning insect mouth, Edmonton (Canada), Camp entrance, Bloody Chest, Super hero adjusting bra
-Football shoulder pads, a person's hat with fake hair and pigtails attached, another pelvic bone?
-Hands holding a brassiere, Spider, Monkey doing telepathy
-A headless woman, Man hiding eyes, spider, Mittens, Person Gasping
Image 7:
-Turtle man, Flying Monkey, flying frog, Flyman, A frog in an apron, Frog with wings in apron, Mean green fly, Dragonfly frog, totally a flying frog chef duh!
-A winged frog wearing coveralls, Fairy frog wearing an apron, Jack Osbourne dressed as an angel, Frog Ferry, Green winged mole, Letter label, Yoda with bug wings
Image 8:
-The fat blue guys from yellow dubmarine shooting condoms out of their bellies
-Yugos
-Blue rabbits smoking.
-Globe
-Two Blue Meanies looking at a big butterfly
-Two sheep heads crapped on by a butterfly
-2 dinosaurs watching a large butterfly
-two men in suits watching a butterfly fly between them
-Tying a bowtie
-Dino men from Super Mario Brothers movie
-RC controllers
-Snapping fingers
-Two men shot in their heads thinking about bras.
-smoking
-Two Aliens
-Boys Spitting
Image 9:
-Batman fighting
-Bird in the hand
-demon
-Italian man twirling two pizzas.
-Batman peeing
You and everyone else are missing the intent of all this. It is obvious that this "inkblot technology" will never be used to develop and remember passwords.
I am pretty sure now that the reason these inkblots look similar is because all of them are derivatives of the upcoming official Longhorn Logo. MS is playing subliminal mind tricks on everyone so they quickly upgrade to their next big Windows release when it comes out.
(1) An inkblot
(2) An inkblot
(3) An inkblot
(4) An inkblot
(5) An inkblot
(6) An inkblot
(7) An inkblot
(8) An inkblot
(9) An inkblot
(10) Standing in sort of sun-god robes on a pyramid with thousands of naked women screaming and throwing little pickles.
So the correct password is atatatatatatatatatss
Mod me down and I will become more powerful than you can possibly imagine!
I like my system better: Change everyone's password directly on the server. Keep them in an encrypted (but easily searchable) database which only the admin can keep.
Tell the user to remember their password.
Demerit the user each time they have to ask for it, and publish the demerit count every week. Shame them. Demerit them further during daily inspections of workspaces if they have written it down anywhere.
Encourage "Survivor" tactics where workers try to figure out each other's passwords, and earn points for each password they discover. Keystroke logging, hidden cameras, it's all fair in the name of security. And of course, demerit the person who's password was compromised.
They will remember. Oh yes, they will remember.
On first day of hire: "WELCOME TO STRICTCO! YOUR EMPLOYEE NUMBER IS 103489923477730493. THE COSINE OF THAT IS YOUR PASSWORD. FORGET IT, AND WE DOCK YA!"
# Erik - 27 password demerits since 1997
Disclaimer: According to section 39485 of StrictCo's Employee Handbook, by using STRICTCO's Internet connection to post this message, the user's name and password demerit count must be published with each message, along with this disclaimer. Please report any violations to hr@strictco.gg
# Erik
Unless, of course, you happen to be a total psycho