Let Your Theme Song be Your Password
An anonymous reader writes "The latest proposed solution to the fact humans suck at using passwords properly is to let people use digital objects, like mp3s, photos or videos instead. A file is hashed into a unique, secure string that acts as the real password. A paper on the idea was put forward in a recent Usenix conference on hot topics in security, and a Firefox extension that implements the idea is available too."
"Your honor, the defendant has a musical password which was not authorized by us! By using it on more than one computer, he has distributed it illegally. We demand $700,000 in damages."
setting next to bums, there's an open seat, hope that isn't pee
Hmm, I wouldn't want to be the sysadmin to recover a lost goatse "password picture"!
goatse?
Damn! I have the same combination on my luggage!
I think I'll use Sting's "Let Your Soul be Your Pilot", with slightly altered lyrics.
Escher was the first MC and Giger invented the HR department.
I have a fingerprint scanner on my computer which uses libpam-thinkfinger (IIRC) to log me into my desktop session. You'd think the complexity was all the possible permutations of the lines and ridges on my finger, but really, it's just 1 in 10.
Well, it used to be 1 in 11, but I had that fixed. :-)
Really? I used to use the tip of my penis, but MAN you should have heard the other people in the building COMPLAIN. Bitch, Bitch, Bitch.
Something tells me a significant portion of the people who'll ever use this will pick "White and Nerdy" by Weird Al as their theme song... which would kind of invalidate the whole system :>
No, but I did throw granola at a deaf person once
Much more secure, and easier, is just to remember a few words from the theme song, and craft them into a password, substituting numbers as appropriate. There are many more variants this way, and you don't have to modify the password programs.
Then you work through the song, verse by verse.
As an example, I change my Slashdot password once a month to keep it secure. I'm in the middle of "Money ain't for nuthin", and my current password is based on "Custom Kitchens": two days ago, I modified it to be "ku5t0mK". In about another three weeks, I'll modify it to something based on "refrigerators". Each time I update my password, I have no problem remembering it; and there's almost zero chance that anyone will hack my Slashdot account.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
image of you doing something unlikely
No need to be coy here, you can just say "sex".
No trees were harmed in the posting of this message. However, a great number of electrons were terribly inconvenienced.
I'll just use "Never gonna give you up" by Rick Astley. I'm sure everyone's forgotten that song by now, right?
Who needs last.fm? A dictionary attack involving every song released by the RIAA in the last decade would run into (at a wild guess) a few million. Hashing those into a dictionary would take a few days or perhaps weeks, and once done, would not have to be done again. My bet would be on about a month before the first distributions of song hash tables by a bunch of bored kids who know how to use md5sum and bash scripting.
So dictionary attacks with a few million possibilities? This "security" development is worse than the use of real, un-obfuscated dictionary words.
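The keyspace point raised in the comments above, as an added example that is not part of any poster's comment and not the code of the paper or the Firefox extension: the derived string is 256 bits long, but when the object comes from a public corpus the guessing work is only log2 of the corpus size. The derivation (`object_password`), the enrollment check (`assess`), the sample bytes and the pool size of 3,000,000 are assumptions constructed for illustration.

```python
import hashlib
import math


def object_password(data: bytes, site: str) -> str:
    """Assumed derivation (not the extension's actual scheme):
    SHA-256 over the site name, a separator, and the object's bytes."""
    return hashlib.sha256(site.encode() + b"\x00" + data).hexdigest()


def guess_bits(candidates: int) -> float:
    """Work, in bits, to enumerate a pool of equally likely candidate objects."""
    return math.log2(candidates)


def assess(data: bytes, public_digests: set, public_pool: int) -> dict:
    """Enrollment-time check a defender could run before accepting an object.

    If the object's digest is in a set of known public files, its strength is
    bounded by the size of that public pool, whatever the hash output length.
    For an object not in the set, the strength is unknown (None), not proven.
    """
    digest = hashlib.sha256(data).hexdigest()
    is_public = digest in public_digests
    return {
        "output_bits": 256,
        "effective_bits": round(guess_bits(public_pool), 1) if is_public else None,
        "reject": is_public,
    }


# Constructed sample inputs: stand-ins for real files, so the example runs offline.
PUBLIC_SONG = b"constructed bytes standing in for a commercially released mp3"
PRIVATE_PHOTO = b"constructed bytes standing in for a photo only the user holds"
PUBLIC_DIGESTS = {hashlib.sha256(PUBLIC_SONG).hexdigest()}
POOL = 3_000_000  # constructed figure for "a few million" released songs

if __name__ == "__main__":
    for label, blob in (("public song", PUBLIC_SONG), ("private photo", PRIVATE_PHOTO)):
        print(label, object_password(blob, "example.org")[:16], assess(blob, PUBLIC_DIGESTS, POOL))
```

A file from a pool of about three million gives roughly 21.5 bits of guessing work, compared with the 256 bits the hash output suggests.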
A few MILLION???? Haven't you heard all the music lately? It all sounds the same... take a hash of one Britney Spears song and you just got them all... and NO, I will _not_ leave Britney alone.
What was that Jiminy-Cricket??
"Let Your Theme Song be Your Password, and Always Let Your Conscience Be Your Guide"
How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
Half the nerds and geeks I know would have the same sound as their login sound. The Imperial March from Star Wars (Vader's theme).
I am worried about Bob being a bigger fan of Britney Spears than Alice who used to use "br1tney" as her password... Seriously, there's something VERY wrong with Bob.
On the plus side, no one wants to borrow your computer.
Beta sux! Join the Slashcott! http://hardware.slashdot.org/comments.pl?sid=4760465&cid=46173047