Slashdot Mirror
Graffiti as Password - Secure and Memorable
Al writes "A group from Newcastle University has released work that significantly improves the Draw-A-Secret method of creating passwords. The basic concept behind Draw-a-Secret is that humans excel at image recognition and memory, so 'passwords' should be designed to leverage that ability. The people behind the new work have
refined the technique by parsing the shapes with a flexible grid and using existing images as a background to reinforce memory of the password. Imagine having your password be a graffiti-laden alteration of your favorite politicians campaign photo..."
It's tough to imagine hand-drawn passwords becoming much more popular than USB fingerprint readers. True, they increase security over standard text passwords, but how am I supposed to give a throwaway password to a coworker so that he can use my machine while I'm on vacation? The only thing that would make this more ubiquitous than fingerprint readers is the fact that you can use pre-existing touch screen or stylus interfaces as described in the article. In my opinion, this technology won't be able to fill the needs of anything more than a niche market. Nor will people need more than 640K RAM.
http://it.slashdot.org/article.pl?sid=07/11/01/2241246
Nothing to see, move along.
Stupidity is the root of all evil.
My first contact with fisting was, of course, in San Francisco.
I was out on the coast for a round of job interviews in the Bar
area. My fluffy-sweater acquaintances in Cincinnati had scoped out
the territory the previous summer and were full of dire warnings
about South of Market in general and The Hothouse in particular,
so of course that was the first place I headed. Now, fisting
wasn't exactly a deep, dark mystery to me...somewhere along the
line I had acquired the book from the movie classic "Erotic Hands"
and I'd been jerking off to that for quite a while. You might say
I was into the concept if not the reality.
Well, The Hothouse was everything I had been warned it was...humpy
dudes wandering around in body harnesses leading their slaves on
leashes, the whole trip. I nearly came when I walked into the
shower room hunkered down on a plastic hose while he sucked his
buddy's oversize cock. I checked out the sling rooms, but I spent
most of the night doing conventional if rougher-than-usual sex.
I fell asleep with my door cracked. The next morning I woke up
with this warm, wet feeling on my arm. I looked up and there was
this hairy, muscular little dude impaled on my arm to the elbow!
Holy shit! He looked down at me and grinned "Good morning" "Good
morning yourself fucker." " Can you dig it!" "For sure, but I've
never done it before" Well, that turned his motor on, and soon
became oblivious that he wasn't gonna dismount my arm until he had
showed me all the right moves. We ended up with me punch-fucking
him doggy--style with a cheering audience of six or seven
leathermen. Well, my arm was busy most of the morning, but my
asshole stayed virgin.
I sorta filed the experience away and chewed on it until my next
trip to the coast. I only knew one dude in Cincinnati that was
into handball, and we were friends, not fuck-buddies, so I didn't
get a chance to practice again until another job interview took me
to San Diego. The job panned out. and I moved to California.
Now, you have to understand where I was coming from. Cincinnati
is one of the most tight-assed Republican cities in the Midwest.
There was one gay bar and no baths. If you wanted steam you had
to drive to Cleveland, Toledo or Chicago. So the first couple of
years in San Diego I was like a kid in a candy shop...baths, bars,
and Balboa Park!
I fisted if I was asked, and if I was in a "top" mood I got off on
it to a certain extent, but something was missing. What that
"something" was I found out one night at the old Fourth Avenue
Baths in Hillcrest. I was cruising the "open" rooms and came
across this hot little blond surfer-type. We started getting it
on, and our hands both started to go for the ass about the same
time, so he called a halt to go fetch the Crisco and poppers. Now,
fisting wasn't particularly on my mind...I figured we'd trade fucks
and that would be that. How was I to know that gay surfers in San
Diego get into handball?
Well. pretty soon we were pretty busy finger-fucking each other
while we sixty-nined. Then he called a halt and sat up and looked
at me. "Wanna go further?" "As in what?" "Fisting, man." "You
or me?" "Whatever," he muttered. "Well, I've never had it, but
I'm up for trying." Bingo! The idea of a virgin really pushed his
button, so pretty soon I'm on my back with my ass propped up on a
pillow and him sitting cross-legged below me.
"Your head's gonna get it done for you" he told me. "You gotta
want me inside you. It's just like takin' a big cock. It'll hurt
like hell goin' over the widest part of my knuckles, but then once
it's inside you're gonna lose your mind!" Well, we had smoked a
couple of joints and I was pretty mellowed out and the dude wasn't
tryin' to hurry me. We rapped about all kinds of shit, but all the
time there was this gentle but insistent pressure at my asshole.
"How much
odds are the password of a 14 year old boy would be a spacegun, so that pretty much gives you control of half the accounts on there :P
Monstar L
Firstly, passwords are used a lot on the web. Having a password system where you have to draw limits the use of websites when using a mobile device.
Secondly, if people can't see they can't easily use a system where you draw.
Other problems are what language or plugin do you use? flash, java?
You also have to store this information in a database in some form. These methods prevent brute force attacks but won't stop people using SQL injection and other exploits.
Man, I'm tired of all these complicated new password schemes...my bank uses "security code", a "password", and an image, plus they ask you personal questions that half of us don't even have a definite answer to, such as, "what was your favorite candy as a child" or "what's your favorite vacation spot?" Even if I do remember the answer, I have to remember whether I capitalized, and exactly how I typed it. What a pain in the ass. I get locked out of my bank all the time.
God dammit, just let me pick a nice strong password. I can remember passwords.
Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
... for the shoulder readers that you don't really want to remember your password^H^H^H^Hpic.
Would you remember it if you saw someone type "Ii2621tJWJ0G", or would you remember them drawing a mustache on Bush?
You must change your graffiti drawing every 7 days and ensure you do not use the same sequence of circles squiggles strokes or triangles.
Your graffiti sketch also must be greater than a house and a tree in complexity and has to include accurate birds and sunshine bars.
liqbase
I have a hard enough time typing in my plain text password in the morning when I get into work through my one blood shot eye.
I think it would be a major pain in the ass to have to draw a picture every time I wanted to log into my computer.
That wouldn't be sucure would it?
Engineering is the art of compromise.
What happens when the person next to you looks and sees what you're drawing? The advantage of text-based passwords is that you can have them as stars or whatever onscreen. And if the users are unwilling / too stupid to make secure passwords (with numbers/letters/symbols), a drawing isn't going to be fundamentally more secure anyways, it's just a gimmick.
I still don't get how these things are supposed to work, really. So you can draw a picture of graffiti and that's your password?
What if I can't draw?
How can you obscure this while "entering your password"? Seems like it'd be a lot easier to see than what someone is doing on a keyboard.
How much is the extra hardware going to cost and would the business want to pay for it?
Why not just do fingerprint recognition?
etc, etc...
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
people are morons. it's not the password, it's the users. while it's great that password security is being updated it's simply not going to prevent most issues.
I can't see how it's more secure. I'm sure many, many passwords will just be some random part of the background, like the bird or a tree, just coloured in.
Also... if we're so much better at remembering images, then one just has to glance at the screen someone is drawing on and then whoops... looks like they remember it too now.
Planet Zebeth - Metroid with a twist
I don't know about anyone else, but even my signature tends to shift a bit every time I jot it down to take a delivery or acknowledge a credit card payment. Even something as simple as a circle is going to throw no-match errors, unless the system's got a lot of built-in leeway for curves and squiggles that aren't in precisely the right spot.
Really easy to remember!
RS
Shoes for Industry. Shoes for the Dead.
This system doesn't lend itself to those with visual impairment very well. In fact, having recently injured my right hand I have had difficulty writing, yet a fingerprint reader is still perfectly usable.
A thistle is a fat salad for an ass's mouth...
It. Its mmision is to have to decide the project to for election, I
What is delicious?
I Browse at +4 Flamebait
Open Source Sysadmin
I just finished changing all of my passwords to "Graffiti". I'd better tell my friends to do the same!
The password to your porn collection is your porn collection ?
Brilliant !
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
So a signature still remains the best way to individually identify someone?
why the hell has the word graffiti been used?
It's completely the wrong word to use, graffiti is stuff drawn/painted etc where it's not meant to be,are they trying to make the project more street? or because you have to draw your picture password with a etch mop while evading the police? I know they said it's akin to drawing graffiti but just that makes no sense to me.
(I personaly cross over between geekery and graff but I doubt anyone else here does)
what would be the input device ? mouse ...
if so most of the people will spend long time trying to log in.
Most comments are missing the "point" made in the end of the article about mobile devices, which IMHO means that this "technology" is better suited for that type of device, NOT "regular" computer terminals. Perhaps not even ATM's at this time because shoulder surfers will probably remember your password easier too. For those who use mobile devices as an integral part of their job (accessing databases, records, etc.), this technology makes sense.
For every present, there is a past
Like star or heart or circle, or square. Ever wondered why mentalist magician act work so wonderfully when they ask the public to chose a shape ? That's because most people will always chose the same shape. I am not sure if you increase or decrease the security because the dictionary attack would be easier (a few form that many people would use) but the possibility for each form would be higher than a simple lower case/upper case...
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Imagine having your password be a graffiti-laden alteration of your favorite politician[']s campaign photo..."
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Tired of empty promise? Hesitant of disappointing price? Uncomfortable of complicated order process? VCSALE.COM provides you cheapest price and fastest delivery, with simplest order procedure you could ever expect. Why not just have a try? 10% cheaper than any of other websites you could meet. $90 FOR 2000 WOW US GOLD! $90 FOR 2000 WOW EU GOLD! $42 FOR 1M FFXI GIL! $60 FOR 50 LOTRO GOLD! $50 FOR 1000M EVE ISK! $45 FOR 100M LINEAGE2 ADENA! At VCSALE.com we value each and every one of our customers and we're committed to providing the very best in service and support.
I'm a fan of the grafitti because I'm an old school grafitti artist myself. My specialties were the peace sign, just the word "The Who", the backwards swastkicker, I'd draw the Road Runner, just the word "The Who", Repent 13, just the word "The Who" Those types of things.