Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Wants To Give You A Rorschach

Posted by ryuzaki0 on from the sticky-note-to-put-on-your-monitor dept.

Preedit writes "Microsoft has set up a website that uses inkblot images to help users create passwords. The site asks users view a series of inkblots and write down the first and last letters of whatever word they associate with each inkblot. Then they combine the letters to form a password. Microsoft claims it's a way to create passwords that are easy to remember but hard to crack. But a word of warning, the story notes that Microsoft is collecting and storing users' word associations."

8 of 223 comments (clear)

  1. Not sure this will help by Qzukk · · Score: 5, Funny

    view a series of inkblots and write down the first and last letters of whatever word they associate with each inkblot. Then they combine the letters to form a password.

    I got vavavapsva.

    More seriously, if they're saving the word associations, doesn't that mean that they have the password you've just generated?

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re:Not sure this will help by BarryJacobsen · · Score: 5, Funny

      vulva vulva vulva penis vulva? I'm not sure whether I should be afraid of your mind or the site... Really? I'm not sure whether I should be afraid of his mind or immediately go to the site...
      --
      Track your TV Shows with your iPhone - FREE
  2. Don't do it... by daninspokane · · Score: 5, Funny

    The blots are coded to shut your brain down if you don't have a valid regkey.

    --
    Slashdot is too nerdy for me.
  3. Ballmer's unencrypted file by Eberlin · · Score: 5, Funny

    Anyone wanna bet Ballmer's word list looks a bit like this:
    chair
    developers
    chair
    banana
    ooohshiny
    developers!
    developers!
    developers!

  4. Storing and insecure by tkdtaylor · · Score: 5, Informative
    It's a research project so of course it's storing the responses.
    From the actual site:

    Security and privacy of this service

    InkblotPassword.com is a research project deployed by Microsoft Research. It is for demonstration and research purposes only. You are welcome to try it out, but we make absolutely no promise that our implementation will protect your password. Don't use your account here to protect any data you care about, from money to your reputation. We also make no promise that the site will continue running. Should the service prove successful, Microsoft may consider offering the service as a commercial product or service. For now, consider it an unreliable, insecure service run by a couple research coneheads in their spare time, and trust it accordingly.
  5. Re:Slight problem with this approach by oahazmatt · · Score: 5, Funny

    This method will not create passwords that are strong enough.
    That's why I use the inkblot test, run it through a script that converts random letter combinations to MD5, convert 25% of that end result to l33t, and then randomly add a non-latin character at two locations within that result. I then write it down on my desk calendar.
    --
    Those who believe the Internet is private,
    find their privates are on the Internet.
  6. Re:P**n by ShieldW0lf · · Score: 5, Interesting

    I usually suggest to people that they come up with a positive self talk phrase, take the first letter of each word, then replace a letter with a number that resembles it.

    Something like "I am a happy person who loves their life." turns into "Iaahpwlt1", which is long, contains numbers and letters and no dictionary words whatsoever.

    You end up repeating it to yourself every time you log in, which serves double duty as both a mnemonic device and a way to preserve your positive attitude.

    --
    -1 Uncomfortable Truth
  7. Re:Slight problem with this approach by zsouthboy · · Score: 5, Interesting

    I also highly suggest, right now, that everyone change your passwords to currentpassword x 3 or 4, or more:

    For example, is passwordpasswordpassword any harder to remember than just password?

    But it greatly expands the key space to be searched for anyone trying to brute force...