Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Dare AI Experts To Crack New GOTCHA Password Scheme

Posted by samzenpus on from the broken-in-3-2-1 dept.

alphadogg writes "If you can't tell the difference between an inkblot that looks more like 'body builder lady with mustache and goofy in the center' than 'large steroid insect with big eyes,' then you can't crack passwords protected via a new scheme created by computer scientists that they've dubbed GOTCHA. GOTCHA, a snappy acronym for the decidedly less snappy Generating panOptic Turing Tests to Tell Computers and Humans Apart, is aimed at stymying hackers from using computers to figure out passwords, which are all too often easy to guess. GOTCHA, like its ubiquitous cousin CAPTCHA, relies on visual cues that typically only a human can appreciate. The researchers don't think that computers can solve the puzzles and have issued a challenge to fellow security researchers to use artificial intelligence to try to do so. You can find the GOTCHA Challenge here."

5 of 169 comments (clear)

  1. You've gotta be kidding me by artor3 · · Score: 5, Informative

    Did the researchers ever try having someone not on their team pass this test? There's no way anyone could figure out which ink blot is which unless they were involved in the naming process.

    1. Re:You've gotta be kidding me by blane.bramble · · Score: 5, Informative

      That is the whole point I believe - as part of the process *you* name the ink blots that were generated for you. Then next time you log in you match them back up.

    2. Re:You've gotta be kidding me by dido · · Score: 4, Informative

      I not only read the article but also the associated paper, and it seems that the proposed scheme involves precisely that. They generate some random inkblots and you have to give them some imaginative descriptions. Nevertheless I remain unconvinced that this is a good idea from a usability standpoint. I haven't even been able to find a link to a working mock-up of the system in action, so I could try it out.

      --
      Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
  2. Re:tried it by Chatterton · · Score: 4, Informative

    You just don't need to remember 1 password, but 11 of them to log in... What an improvement !!! :)

  3. Re:tried it by Dachannien · · Score: 5, Informative

    Presumably, in a real-world scenario, you give your own labels when you register for an account. This would hopefully mean you would form a persistent correlation between the labels and the images. But their multicolor inkblots are so indistinct from each other that I think I would have difficulty labeling each image in the first place.