Slashdot Mirror

← Back to Stories (view on slashdot.org)

Recognizing Your Own Handwriting As A Password

Posted by CmdrTaco on from the sounds-suspiciously-like-reading dept.

Gary writes "A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. The user's handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer."

15 of 151 comments (clear)

  1. How about poor geeks like me... by boaworm · · Score: 4, Interesting

    ...who virtually cannot write by hand anymore? I can't even write a proper signature, haven't been using hand writing since I was playing RPGs 10+ years ago.

    I'd say it would be pretty hard to determine how my digits would look like.

    --
    Probable impossibilities are to be preferred to improbable possibilities.
    Aristotele
    1. Re:How about poor geeks like me... by bumby · · Score: 5, Funny

      my digits looks like this:
      012345679 (bitstream vera sans)

      --
      Hey! That's my sig you're smoking there!
    2. Re:How about poor geeks like me... by Atraxen · · Score: 5, Interesting

      It's a bad call if it's the only authentication entry, but if it's in addition to something else it might be good. Many banks seem to be going for the 'something you know, and something you recognize' auth motif (banking as one example, where you recognize and identify a preselected word or graphic.) Maybe soon for really secure accounts, we'll have a fairly painless set of layers, ala: something you have - the random PIN cards, something you know - pword, something you i.d. - (handwriting/picture/word)?

      --
      Be careful of your thoughts; they could become words at any minute...
  2. Re:Brute Force? by micksam7 · · Score: 5, Informative

    To anwser my own question, I found a better article:

    http://www.technologyreview.com/Infotech/18986/

  3. Re:Brute Force? by SatanicPuppy · · Score: 4, Insightful

    Why bother? My desk is covered with my clearly recognizable scrawl, and most of it is numeric just to add insult to injury.

    While the idea of a system that depends on recognition is interesting (though in my mind, not terribly secure for the exact reason you stated), handwriting is probably the poorest example because we leave handwriting samples everywhere. It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...And hell, for this crowd, you don't even have to worry about that.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  4. Sometimes, simple is best by pzs · · Score: 4, Insightful

    Passwords actually strike me as quite a good security method. A good password is difficult to guess by a person or by a machine and is very simple to implement, leaving less margin for error in the technology.

    I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.

    Peter

  5. WTF by egandalf · · Score: 5, Funny

    I've got a simpler idea, why don't we just ask people a simple true/false question. I've got the first:

    A single html radio-button form-based multiple choice question is a reasonable security measure.
    A) True
    B) False

    But I think there should be an option "C," though that would make this not a real t/f question:
    C) WTF?!

    --
    Those who have telepathy have no need to RTFA.
  6. have to hide my hand writing? by janneH · · Score: 4, Insightful

    What, now I have to bring a typewriter everytime I go to the restaurant - to fill in the tip and total?

  7. Re:Brute Force? by Joebert · · Score: 5, Funny

    That's the greatest caught masturbating at work coverup I've ever heard.

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  8. Re:Brute Force? by Red+Flayer · · Score: 4, Funny

    It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...
    Why do you hate nudists and porn stars?

    ...And hell, for this crowd, you don't even have to worry about that.
    Speak for yourself, I'm quite positive that several hundred people have seen my genitalia. Though I'm not sure they got a good enough look to be able to identify me in the short time my trenchcoat was open.
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  9. What a stupid concept by Mock · · Score: 4, Insightful

    Here's how you crack it:

    1. generate a bunch of new sessions to the login page.
    2. Identify samples that appear more often than others.
    3. Recognize the handwriting style.
    4. Log in.

  10. Re:Brute Force? by necro81 · · Score: 4, Insightful
    From parent post's link:

    Renaud doesn't think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records. Rather, she believes it could be useful for social sites, where a user wants her account to be private but where nothing disastrous would happen if someone broke into it.
    The folks at Dynahand obviously don't know how bad hijacking someone's social network identity could be. While not as sensitive as banking or medical information, access to one's online profile is a pretty sensitive thing. A person pretending to be you on MySpace or Facebook could cause all kinds of damage to your reputation, lose you (real) friends, and leave an incriminating trail for any future employer to find. Even if you are able to regain control of your account via customer service, and could remove the offending material from your page, nothing is every really deleted from the Internet.
  11. Re:Giving out your phone number is risky... by Glytch · · Score: 4, Funny

    Exactly. In the old days, someone would have to find the stickynote on one's monitor that specifically had one's password written on it. Under this scheme, any stickynote at all will do!

  12. Re:Totally utterly useless on 2 counts by glwtta · · Score: 4, Funny

    biometric of someone's typing rythm strikes me as a good thing

    Haven't we been over this? That system assumes that you are always logging in at the same level of drunk - that's not feasible.

    --
    sic transit gloria mundi
  13. Nothing to see here ... by pz · · Score: 5, Insightful

    From the article's first paragraph:

    You can't afford to be careless regarding the password coz you never know ...

    And with that, I stopped reading. Why? Because I don't have enough time to read things that aren't written in at least passable English. If someone has a good idea, and are serious about it, they'll make the effort to communicate it well or have it communicated well for them.

    Nothing to see in this article, and, by strong implication, a worthless idea.

    --

    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.