Slashdot Mirror

← Back to Stories (view on slashdot.org)

Recognizing Your Own Handwriting As A Password

Posted by CmdrTaco on from the sounds-suspiciously-like-reading dept.

Gary writes "A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. The user's handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer."

11 of 151 comments (clear)

  1. Brute Force? by micksam7 · · Score: 3, Insightful

    This would make brute-forcing a password a little easier..

    An attacker could simply select a hand writing at random till they get the right one.

    TFA doesn't say anything about that.

    1. Re:Brute Force? by SatanicPuppy · · Score: 4, Insightful

      Why bother? My desk is covered with my clearly recognizable scrawl, and most of it is numeric just to add insult to injury.

      While the idea of a system that depends on recognition is interesting (though in my mind, not terribly secure for the exact reason you stated), handwriting is probably the poorest example because we leave handwriting samples everywhere. It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...And hell, for this crowd, you don't even have to worry about that.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    2. Re:Brute Force? by necro81 · · Score: 4, Insightful
      From parent post's link:

      Renaud doesn't think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records. Rather, she believes it could be useful for social sites, where a user wants her account to be private but where nothing disastrous would happen if someone broke into it.
      The folks at Dynahand obviously don't know how bad hijacking someone's social network identity could be. While not as sensitive as banking or medical information, access to one's online profile is a pretty sensitive thing. A person pretending to be you on MySpace or Facebook could cause all kinds of damage to your reputation, lose you (real) friends, and leave an incriminating trail for any future employer to find. Even if you are able to regain control of your account via customer service, and could remove the offending material from your page, nothing is every really deleted from the Internet.
    3. Re:Brute Force? by morgan_greywolf · · Score: 2, Insightful

      What's a password? 7 or 8 picks out of, at most, 52 letters, 10 digits, and 22 symbols, right? 7 or 8 picks out 84 possibles. If you want it as secure as a password, you just need 84 possibles, right?

      --
      My blog
  2. Sometimes, simple is best by pzs · · Score: 4, Insightful

    Passwords actually strike me as quite a good security method. A good password is difficult to guess by a person or by a machine and is very simple to implement, leaving less margin for error in the technology.

    I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.

    Peter

    1. Re:Sometimes, simple is best by Jah-Wren+Ryel · · Score: 3, Insightful

      I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons. Users aren't always just morons. I know a person who has to keep track of 9 unique passwords with at least 3 different usernames, most of which are used once a week or less. All the systems have minimum length and complexity requirements, 90-day expiration and permanent lock-out if an account gets just three failed logins in a row. In his case it is potentially a go to jail offense to write down these passwords ANYWHERE, even in some sort of encrypted form.

      In cases like that, the real morons are the people pushing their authentication complexity onto the users, not the users themselves.
      --
      When information is power, privacy is freedom.
  3. Totally utterly useless on 2 counts by chiark · · Score: 2, Insightful

    1. It's a shared secret. That's all. I was going to say "no better, no worse", but actually it's made significantly worse by being multiple choice.
    2. Doesn't prevent MITM in any way whatsoever

    Now the biometric of someone's typing rythm strikes me as a good thing, along with "PC fingerprinting" and trend analysis, but this suggestion is significantly worse than what we already have available on the market.

    "3/10 - see me" would be my mark for this particular gem.

  4. have to hide my hand writing? by janneH · · Score: 4, Insightful

    What, now I have to bring a typewriter everytime I go to the restaurant - to fill in the tip and total?

  5. Re:Bad idea by SatanicPuppy · · Score: 2, Insightful

    I could quite easily recognize my own...But so could anyone else who has ever seen it. Then there are those people with bland, unmemorable handwriting...How would you pick your handwriting out of a crowd when your handwriting looks like handwriting is supposed to look.

    Additionally, the number of samples would have to be constrained to what a normal person could be expected to go through, so the odds of someone being able to guess it are huge. I mean, I could set my password to the crappy "Guess,15" and it would take millions of brute force guesses to figure it out, as opposed to checking 20 something handwriting samples.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  6. What a stupid concept by Mock · · Score: 4, Insightful

    Here's how you crack it:

    1. generate a bunch of new sessions to the login page.
    2. Identify samples that appear more often than others.
    3. Recognize the handwriting style.
    4. Log in.

  7. Nothing to see here ... by pz · · Score: 5, Insightful

    From the article's first paragraph:

    You can't afford to be careless regarding the password coz you never know ...

    And with that, I stopped reading. Why? Because I don't have enough time to read things that aren't written in at least passable English. If someone has a good idea, and are serious about it, they'll make the effort to communicate it well or have it communicated well for them.

    Nothing to see in this article, and, by strong implication, a worthless idea.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.