Slashdot Mirror


Microsoft Wants To Give You A Rorschach

Preedit writes "Microsoft has set up a website that uses inkblot images to help users create passwords. The site asks users to view a series of inkblots and write down the first and last letters of whatever word they associate with each inkblot. Then they combine the letters to form a password. Microsoft claims it's a way to create passwords that are easy to remember but hard to crack. But a word of warning: the story notes that Microsoft is collecting and storing users' word associations."

8 of 223 comments

  1. Hmmmm .... by gstoddart · · Score: 4, Interesting
    From TFA:

    "A century of psychological literature indicates that inkblot associations are intimately personal, and our own user studies verify that users almost always describe the same inkblots quite differently"

    So, psych 101 was a long time ago, and that's the extent of my exposure to it.

    Do individual people respond to the same inkblots, the same way over time? Or might I see the same splotch in 3 months and associate something else with it? If there's drift over time, this wouldn't be such a good idea.

    Anyone with a better schooling in human psychology care to chime in?

    Cheers

    --
    Lost at C:>. Found at C.
    1. Re:Hmmmm .... by dgatwood · · Score: 2, Interesting

      I don't know, but about three years ago, I recall suggesting the use of non-abstract images and measuring the brain's electrical response to determine a map of the user's response to a given stimulus. After the system was trained properly, you could use that to be a really, really solid passphrase; while your brain may react a bit differently to images over time, it isn't likely to react dramatically differently for the most part (except maybe after head trauma or something similarly extreme). This seems like a somewhat more practical way of doing the same basic thing.

      I would expect your reactions to differ over time, but I would not expect them to change dramatically in a short period of time, and that's the key to such a system. As I said way back then, as long as you log in periodically, such a system can use a learning algorithm to conclude with a high degree of probability whether it is the same person and then adjust its notion of the password as it goes along. Whether Microsoft will do this or not remains to be seen.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  2. Wait... by ucblockhead · · Score: 4, Interesting

    So they have created a method for creating hard to crack passwords while simultaneously collecting the data to more easily crack them?

    --
    The cake is a pie
  3. Captcha by GreggBz · · Score: 4, Interesting

    That site has one of the best captchas I've ever seen.

    Please select all the cats. Pictures supplied (and sponsored) by petfinder.com. Brilliant. Even HAL-9000 might not be able to do that.

  4. Re:P**n by ShieldW0lf · · Score: 5, Interesting

    I usually suggest to people that they come up with a positive self talk phrase, take the first letter of each word, then replace a letter with a number that resembles it.

    Something like "I am a happy person who loves their life." turns into "Iaahpwlt1", which is long, contains numbers and letters and no dictionary words whatsoever.

    You end up repeating it to yourself every time you log in, which serves double duty as both a mnemonic device and a way to preserve your positive attitude.

    --
    -1 Uncomfortable Truth
  5. Re:Slight problem with this approach by Anonymous Coward · · Score: 1, Interesting

    To expand on what another user said, your post is ignorant at best. Methinks you should buy and read Simon Singh's The Code Book. Pay particular attention to some of the reasons the Brits were able to break the daily encryption on the Enigma over and over.

    Any restrictions on what can go in any "slot" (e.g. character number 3) in a password seriously weaken the password of that length; by extension, saying that a password must have at least one character from a restricted set of normally allowed characters likewise weakens it, not strengthens.

    Like another respondent said, if you want a stronger password, make it longer. Your approach, as common wisdom so often is, is flawed.

  6. Re:Slight problem with this approach by zsouthboy · · Score: 5, Interesting

    I also highly suggest, right now, that everyone change your passwords to currentpassword x 3 or 4, or more:

    For example, is passwordpasswordpassword any harder to remember than just password?

    But it greatly expands the key space to be searched for anyone trying to brute force...

  7. Re:Slight problem with this approach by twifosp · · Score: 2, Interesting

    but what's so hard about implementing passphrases instead of passwords?

    I agree with you, but the problem for the average user is that they are not touch typers. They are constantly looking at the keyboard and screen to confirm what they have typed. As the length of the password increases, the odds that a typing error is going to be made also go up. As passwords are blocked out, it would be very frustrating to a person who has to look at the screen to confirm what they have typed and backspaces often. This gets worse if you are trying to log in to a domain with strict policies, i.e. most large companies. If you make too many mistakes trying to log in, your account is locked.