Slashdot Mirror


Graffiti as Password - Secure and Memorable

Al writes "A group from Newcastle University has released work that significantly improves the Draw-A-Secret method of creating passwords. The basic concept behind Draw-a-Secret is that humans excel at image recognition and memory, so 'passwords' should be designed to leverage that ability. The people behind the new work have refined the technique by parsing the shapes with a flexible grid and using existing images as a background to reinforce memory of the password. Imagine having your password be a graffiti-laden alteration of your favorite politician's campaign photo..."


  1. Dupe by damaki · · Score: 1, Informative
    --
    Stupidity is the root of all evil.
  2. Not a dupe by phaunt · · Score: 5, Informative
    No, this is not a duplicate, but an improvement on the Draw A Secret technology discussed there, as is stated in the summary:

    "The people behind the new work have refined the technique by parsing the shapes with a flexible grid, and using existing images as a background to reinforce memory of the password." This is as opposed to the DAS technology, which uses a rigid grid and a user-drawn background image.
    1. Re:Not a dupe by damaki · · Score: 2, Informative
      From the previous article:

      By superimposing a background over the blank DAS grid, the Newcastle University researchers have created a system called BDAS: Background Draw a Secret. This helps users remember where they began the drawing they are using as a password and also leads to graphical passwords that are less predictable, longer and more complex.
      --
      Stupidity is the root of all evil.
  3. Re:More secure, less useful. by vertinox · · Score: 5, Informative

    True, they increase security over standard text passwords, but how am I supposed to give a throwaway password to a coworker so that he can use my machine while I'm on vacation?

    Um... Not to sidetrack. That is just a bad security practice. If you need to give your coworker rights to your computer, you give him rights to log into that workstation with his name and password.

    If he needs to get to your profile or files, then you simply give him the same permissions to access those files. In a Windows environment, I would add him to the users so he could log into the machine locally and then set folder permissions to read/write to C:\document and settings\(my profile). On a Mac, I would give him read/write to my home directory. (Of course I don't trust my coworkers that much, so I'd put the files they need access to in a single shared folder and let them have at that.)

    Of course you need to be on a domain of sorts and/or have rights to modify permissions on the files and folders that you own.

    If you don't have the permissions to do so (which means IT security doesn't trust you), then I suspect your IT security would beat you with a large 2 by 4 if they found out you gave your password to a coworker.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)