Let Your Theme Song be Your Password
An anonymous reader writes "The latest proposed solution to the fact that humans suck at using passwords properly is to let people use digital objects, like mp3s, photos or videos, instead. A file is hashed into a unique, secure string that acts as the real password. A paper on the idea was put forward at a recent Usenix workshop on hot topics in security, and a Firefox extension that implements the idea is available too."
"Your honor, the defendant has a musical password which was not authorized by us! By using it on more than one computer, he has distributed it illegally. We demand $700,000 in damages."
I have a fingerprint scanner on my computer which uses libpam-thinkfinger (IIRC) to log me into my desktop session. You'd think the complexity was all the possible permutations of the lines and ridges on my finger, but really, it's just 1 in 10.
Well, it used to be 1 in 11, but I had that fixed. :-)
Really? I used to use the tip of my penis, but MAN you should have heard the other people in the building COMPLAIN. Bitch, Bitch, Bitch.
Something tells me a significant portion of the people who'll ever use this will pick "White and Nerdy" by Weird Al as their theme song... which would kind of invalidate the whole system :>
No, but I did throw granola at a deaf person once
You would have no problems with me cause I would never gonna give up my password and never let it down for you to see...
Much more secure, and easier, is just to remember a few words from the theme song, and craft them into a password, substituting numbers as appropriate. There are many more variants this way, and you don't have to modify the password programs.
Then you work through the song, verse by verse.
As an example, I change my Slashdot password once a month to keep it secure. I'm in the middle of "Money ain't for nuthin", and my current password is based on "Custom Kitchens": two days ago, I modified it to be "ku5t0mK". In about another three weeks, I'll modify it to something based on "refrigerators". Each time I update my password, I have no problem remembering it; and there's almost zero chance that anyone will hack my Slashdot account.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Who needs last.fm? A dictionary attack involving every song released by the RIAA in the last decade would run into (at a wild guess) a few million. Hashing those into a dictionary would take a few days or perhaps weeks, and once done, would not have to be done again. My bet would be on about a month before the first distributions of song hash tables by a bunch of bored kids who know how to use md5sum and bash scripting.
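The weakness described in the comment above, as an added illustration that is not part of the thread or of the paper it discusses: if the "real password" is a plain hash of a file that many people own, its strength is only the number of files an attacker has to try, and a one-time table of hashes identifies the chosen file instantly. The catalogue below is a set of constructed byte strings standing in for song files, the tag/audio split is a simplification, and SHA-256 is an assumption (the summary only says the file is hashed). The last function also shows a practical caveat of any file-hash scheme: re-tagging the same audio changes the hash, so the "same" song on another machine may no longer unlock anything.

```python
import hashlib
import math

def object_password(data: bytes) -> str:
    """The scheme as described: the file itself is hashed and the digest is the real password.
    SHA-256 is an assumption here; the summary does not name the hash function."""
    return hashlib.sha256(data).hexdigest()

def make_object(tag: bytes, audio: bytes) -> bytes:
    """Constructed stand-in for a media file: a metadata block followed by the audio payload."""
    return tag + audio

# Constructed 'public catalogue' of 5000 songs (not real audio). Every user of the
# scheme is assumed to pick their password object from this shared pool.
AUDIO = {f"song-{i:05d}": f"constructed audio frames {i}".encode() for i in range(5000)}
CATALOGUE = {title: make_object(b"TAG:v1", audio) for title, audio in AUDIO.items()}

def build_lookup_table(catalogue: dict) -> dict:
    """The one-time precomputation the comment above describes: hash -> title for every object.
    Once built it never has to be rebuilt, because the hash has no per-user secret in it."""
    return {object_password(data): title for title, data in catalogue.items()}

def identify_object(password_hash: str, table: dict):
    """A leaked password hash is recovered with one dictionary lookup, not a brute-force search."""
    return table.get(password_hash)

def effective_entropy_bits(n_choices: int) -> float:
    """The real keyspace: log2 of the number of objects a user could plausibly have chosen.
    The digest length (256 bits) is irrelevant when the input comes from a small public pool."""
    return math.log2(n_choices)

def retag_changes_password(title: str) -> bool:
    """Caveat for the scheme itself: the same audio with different metadata is a different file,
    hence a different hash, hence a different password."""
    original = object_password(CATALOGUE[title])
    retagged = object_password(make_object(b"TAG:v2", AUDIO[title]))
    return original != retagged

def demo():
    table = build_lookup_table(CATALOGUE)
    chosen = "song-01234"
    leaked_hash = object_password(CATALOGUE[chosen])
    return identify_object(leaked_hash, table), retag_changes_password(chosen)

if __name__ == "__main__":
    recovered, changed = demo()
    print("precomputed table recovered:", recovered)
    print("retagging the same audio changes the password:", changed)
    print("bits of entropy for a catalogue of 4 million songs:",
          round(effective_entropy_bits(4_000_000), 1))
```

The entropy figure is the point a defender should take from this: a catalogue of a few million songs is about 22 bits, which is what a single dictionary word gives you, and no choice of hash function changes that.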
So dictionary attacks with a few million possibilities? This "security" development is worse than the use of real, un-obfuscated dictionary words.
A few MILLION???? Haven't you heard all the music lately? It all sounds the same... take a hash of one Britney Spears song and you've got them all... and NO, I will _not_ leave Britney alone.
Actually the line was "My voice is my passport." in Sneakers.
Turn in your robe and wizard hat. You have been dismissed from the geek squad.