Pictorial Passwords 331
Stone Rhino writes: "No longer do you need to remember passwords. Now, thanks to graduate students at Berkeley you merely need to pick out the right pieces of abstract art. There is a story on it at the New York Times. However, there is a problem with it that I see: 5 images from a set of 25 means 53,130 potential combinations. This would be much easier to crack by brute force than a standard alphanumeric password with its billions of possibilities and millions of likely choices." Maybe you have to get the sequence of images correct? If so there are some six million combinations, still weaker than a optimum password but probably stronger than the passwords most people choose (usually their significant other's name). There's another article on passwords in that same NYT edition.
ATMs (Score:5, Insightful)
Re:ATMs (Score:5, Insightful)
If you consider that a person would first need to steal your card and then figure out your PIN number, it becomes apparent that increasing the difficulty of the password is foolish. If your card is lost or stolen, you report it and you save yourself some pain. If your card is lost or stolen, you have a pretty reasonable barrier because the card is physical and needs to be taken to an ATM. Then, even if the card is used immediately, the thief needs to sift through 9999 combinations.
Security is not meant to lock you in. It is meant to keep other people out. When you think about that, you'll see that you often just want very good security with excellent convenience. That is, you want optimum security, not maximum security. You do not really want maximum security because that would drammatically decrease convenience. For example, if you really wanted maximum security of your funds, you would put them in the bank physically and you would pull them out physically. You would not even use an ATM because the security is not maximum.
ATMs are convenient and the security is reasonable. Most people can remember their cards and their 4-digit codes. If you start trying to increase the security, you are in for trouble in my opinion. If you really wanted to increase ATM security, forget about pictures. Instead, look into biometrics [ittoolbox.com], which are much more reasonable.
Re:ATMs (Score:3, Interesting)
What's more, to use an ATM you must physically key in the PIN, there is no way to automate a brute force attack against the keypad at an ATM. Additionally most ATMs will swallow your card after a certain number of wrong PINs (3 at my bank) so you aren't going to have much luck guessing.
You'd be surprised how many people write their PIN on the back of the card, or somewhere else in their wallet, but it happens enough that the signature panel on my card bears the warning, "Do not write your PIN on your card" That's why banks impose daily limits on how much money can be withdrawn through ATMs.
Re:ATMs (Score:2)
More like 1234 combinations to get to the right one
Re:ATMs (Score:2)
Or, look on the back of the card to read the PIN written by the card holder who can't be bothered to memorize that pesky 4-digit number.
Re:ATMs (Score:3, Informative)
One way involves thieves putting up their own ATM machine in a mall or some such, and simply waiting for people to use it. After they enter their PIN, it eats their card. In another method, the thieves place tape in the atm card slot ("looping") and videotape anyone using the ATM. When the victim leaves, they retreive the card, which the tape prevented from coming out of the ATM machine.
A variation of the fake ATM machine method returns the card, but records the card info, and the thieves program another card with that info, which is equivalent to having the physical card in their possesion.
The point being that switching from a PIN to any kind of longer password entered by the customer doesn't hinder these attacks in the slightest.
Images? (Score:3, Funny)
implications.. (Score:5, Funny)
> their significant other's name)
So does this mean that the harder a person's password is to crack, the less likely they are to have a sex life?
Re:implications.. (Score:2, Funny)
Re:implications.. (Score:2)
While working in technical support, I noticed that a disturbingly high amount of our users used theie own username as their password. Either that or the highly secure "password".
Sadly, most customers would just be frustrated if we actually disallowed such stupid passwords.
Re:implications.. (Score:4, Insightful)
Re:implications.. (Score:2)
Use your imagination---and borrow someone else's.
-l
Not secure. (Score:2)
This trick is well understood by the crackers of the world, who do not discount passwords to try because they aren't in the OED. They have wordlists of Tolkein, and Dune, and Star Trek, and Star Wars, etc. etc. You'd be better going for something less Geeky.
For me, I use strings of characters based on a keyboard shape. Example: gfhbt makes a sort of star on your keyboard. I add some punctuation in there too of course. You can quickly learn a sort of muscle memory of the movement you make to type it. Doubtless now someone will post explaining how crackers beat this one.
This abstract art sounds a good idea, but surely there's a better way? The human capacity to recognize faces is one of the most effective known. So, make my ATM password Margaret Thatcher, Abe Lincoln, Spock and Graham Chapman(wasn't that an actual plot of an episode?)
Re:Not secure. (Score:2)
-l
Re:Not secure. (Score:2)
no but, what happens when you move to a dvorak keyboard?!? or a twiddler?!?
my passwords used to be pseudo-anagrams for sentences i could remember, with characters and numbers substituted all around, like !wKP5dhr (no weak password here). Lately i've been randomly generating passwords and figuring out what they meant afterwards. Your gfhbt example looks like "Go Frodo the HoBbiT" to me.
According to the so-called experts (Score:2)
I really like 2 eat pizza on Fridays. Irl2epoF.
The addition of nyumerics and punctuation GREATLY increases the complexity and time required to brute force a password.
Re: (Score:2)
Re:implications.. (Score:2)
JOhn
Re:implications.. (Score:2)
- While working in technical support, I noticed
Umm...how exactly did you notice this? Were your customer's passwords stored clear-text?Umm...by the way...where was it that you worked, again?
This illustrates a larger problem: one password used in various settings. The password may be "23H&*sSie2@slo" but if you've used it in two places it's not secure. If you use this at, say, Wells Fargo and, say, Slashdot then CowboyNeal may be helping himself to a little X-Mas bonus...
Re:implications.. (Score:2)
the user calls you up, you ask them for their login, and instead they give you their password.
the user calls you up and immediately starts telling you everything about themselves, including their dog's bladder problems and their password.
the user has tried to login in and since they were having problems, they switched their login with their password... which is then recorded in the logfiles.
Those are the first few ways which come to mind, all of which happen to me on a regular basis; the only time i store the password in clear text is when we send out the original account password.
i think passwords should at least be used in a manner similar to firewall dmz's - that is, one set for the internal servers, one set for the borderline, and one set for external servers (or, servers you have sole root on, servers you share root on, servers you dont have root on). But preferably every acount you have that matters should have a different password than the last
the last thing i want is for someone to be able to post on slashdot as me just because they cracked my credit card password! oh, the horrors!
Re:implications.. (Score:2)
Re:implications.. (Score:2, Funny)
>password is to crack, the less likely they are
>to have a sex life?
Not if their significant other is known as "PC"
Re:implications.. (Score:2)
From a Tech Support view (Score:5, Funny)
I wouldn't know where to begin trying to describe what pictures to use for their password... "Ok, now choose the picture that looks like a moose being sucked into a vortex".
Re:From a Tech Support view (Score:2, Interesting)
I wouldn't know where to begin trying to describe what pictures to use for their password...
That's the whole point. Because our mapping of language to art is so loosely coupled, it's hard to write down and/or describe to another person your password. Theoretically, this dramatically reduces a source of password insecurity.
Re:From a Tech Support view (Score:2)
Re:Scrambled photos (Score:3, Interesting)
Re:Scrambled photos (Score:2)
Yeah, that's secure. I mean, it's way harder to shoulder-surf five consecutive movements of a mouse pointer between five pictures from halfway across the room than it is ten fingers on 40-odd keys.
Until we get cameras that track eye movements installed on every computer, the "visual password" is a bad idea.
Re:Scrambled photos (Score:2, Insightful)
However, I would have to see their test methodology to not instintively want to criticize this. I have to wonder if they tested peeople's ability to remember multiple passwords (especially mixing a frequent use one with a not-so-frequent one). I have to wonder how they plan to enable this system so that visually-impaired people, from the color-blind to people without eyeballs, can use the system. And I have to wonder how well they can test people's ability to remember *changed* passwords-- if the images from my last password show up on the selection grid, will this interfere with my visual memory?
Reg. Bypassed URLs for those articles: (Score:5, Funny)
Second Link: http://college.nytimes.com/2001/12/27/technology/
Jeebus! (Score:5, Insightful)
"Galadriel is one icy babe but Jackson got it right"
Password: gi1ibbJgir
And I'm sure this approach is nothing new to most /.'ers. And the cool thing is that just a couple of words from the password, say Galadriel and babe, is enough to bring the bloody password back long after one's finished with it.
Feh!
Re:Jeebus! (Score:5, Informative)
"All Your Base Are Belong To Us!"
becomes
"aybab2u!"
Another useful password naming procedure is the use of 'l33t speak' inside passwords... especially long ones. On systems that support passphrases or long passwords instead of 8 char strings, this makes creating and remembering passwords quite a bit easier.
"My Password Rocks" is probably not so good, but
"MyP455w0rdR0X0r5" is a 16 character password with 7 numbers, upper and lower case characters, and no long strings of plain english text to get chewed up in a dictionary attack.
Re:Jeebus! (Score:2, Insightful)
Actually, you probobly don't even have to modify your password cracker, just convert your word lists to l33t speak (i.e. 'a' becomes 4, 's' becoms 5,
I think the idea to use more characters than just 'a-z' is a good one, try to use characters from 'a-z', 'A-Z', '0-9', '!@#$%^&*()', and even the characters with accents. But, try not to make it predictable like "l33t speak".
btw, your example "MyP455w0rdR0X0r5" might not be to bad since "R0X0r5" might not be a word in a word list, but "my" and "password" probobly would be in the list. Then again, I'm no expert in cracking passwords or "l33t speak" so maybe someone else would have it in their list.
Re:Jeebus! (Score:2, Funny)
Re:Jeebus! (Score:3, Funny)
"...Because of the complexity of the password selection rules, there is actually only one password which passes all the tests. To make the selection of this password simpler for the user, it will be distributed to all supervisors. All users are instructed to obtain this password from his or her supervisor and begin using it immediately."
Or use an MD5 Hashed Password (Score:3, Insightful)
Similar to Passface (Score:5, Interesting)
What was interesting was that in finding that URL, I went back to the site for the first time in over a year, and was able to log-in no problem. I remembered my combination of faces.
There's definitely something to this technology!
rOD.
Re:Similar to Passface (Score:5, Interesting)
What was interesting was that in finding that URL, I went back to the site for the first time in over a year, and was able to log-in no problem. I remembered my combination of faces.
There's definitely something to this technology!
Unless you're face blind [choisser.com].
Re:Similar to Passface (Score:2)
Re:Similar to Passface (Score:3, Funny)
This probably won't help the situation (Score:2, Insightful)
Also, what about the disabled? It would seem like a no-brainer to offer vision-impaired an alternative, text-based password, but if your rolling this out large scale (like ATM's or something), you might be looking at a number in the thousands of customers who can't use your picture-password system. Major admin headaches.
My Favorite Quote On The Second NYT Article: (Score:5, Funny)
Even high-ranking executives? Make that especially.
Done earlier/better by RealUser? (Score:3, Insightful)
Speaking of bruteforceing passwords. (Score:2, Interesting)
Wouldn't this be a good way to avoide bruteforcing of these pictorial passwords?
Re:Speaking of bruteforceing passwords. (Score:2, Insightful)
A film that shows drawing passwords instead typing (Score:2, Informative)
There's a intesting way to draw passwords.
Eliminates repetitive password use! (Score:3, Insightful)
Using pictures would make this all but impossible, since every provider would (or at least, SHOULD) be using their own set of pictures.
While that's all good for security, I can't believe that it would make remembering your password any easier. Since the story is touting that as the chief benefit, I think they're going to have a really hard sell.
Re:Eliminates repetitive password use! (Score:2)
YAAAAAAAAAAAAAGH!
What the hell! Are most /.ers some kind of mutants? (Wait a minute, maybe I don't wanna know.)
Reading that BBS article reminded me that I had over 40 passwords, each one different, for each BBS that I called, and none were guessable in a dictionary attack. It's been over fifteen years, and I can still remember two or three of these.
Today, I'm down to about ten passwords I use frequently, all different, all randomly-generated. And apart from a one-day "learning curve" where I train my finger muscles to type them quickly and discreetly, I still don't have a problem with it.
What the hell? Am I some kind of alien/human hybrid with a unique nervous system never before seen in evolutionary history? Or do I just have two functioning neurons to rub together?
Sure, if you use a cookie to "remember" your settings and only type a password once every few months, you could fail to learn it, but the cure for that is to just use the password more often - enable it on your screen saver, check your stock portfolio daily, etc.
I know I'm preaching to the choir here, but what the hell is so hard about using passwords? The more you use them, the harder they are to forget.
Re:Eliminates repetitive password use! (Score:2)
No, I read it, but you didn't read my reply. The formulas could indeed be standardized, but as a sysadmin, why would I use the standard pictures? Wouldn't I want my site to be more secure by using non-standard pictures, so that people would be forced to use a different password than the ones they universally use - thus ensuring more security?
Try telling this one to a friend (Score:5, Funny)
"No Bill, it's Black Guy, Asian Guy, Samoan Woman, Black Guy with the scar, White Guy with glasses! Hurry up before the Holodeck explodes!"
Re:Try telling this one to a friend (Score:2)
Re:Try telling this one to a friend (Score:5, Funny)
--
Mod me down, I'm way off-topic.
Do the math... (Score:2, Insightful)
Re:Do the math... (Score:2)
If I'm only shown 25 pictures, it doesn't matter how many I'm not show, the alphabet size is still only 25.
And you can't ever show me a different 25, because my 5 have to be in there. If you show me my 5 + 20 others one time, and a different 20 + my 5 a different time, then the ones that came up both times obviously include my 5. Makes the shoulder-surfer's job a whole lot easier.
If it can't KNOW who I am, it's still spoof-able (Score:5, Informative)
The rest, as we can read, is just a bunch of jokes.
So it's not perfect, (Score:2)
I have seen to many times people doing all the "don't do's" like writing down the password and putting it on the desk, keyboard, monitor. and forcing them to change the password once in a while makes it even worse, like they use a name followed by a number and then they just increment the number when the have to change the password.
The lack of a single signon [novell.com] often amplifies this problem.
Re:So it's not perfect, (Score:2)
Not so sure about this... (Score:3, Interesting)
Not so sure at all.
Color blind (Score:5, Insightful)
Re:Color blind (Score:2)
If I want to use an underscore in my password I don't care that my password becomes Mona Lisa, Mona Lisa, Seurat's Lady Powdering, Dali's Eggs on a Plate Without a Plate, underscore, Van Gogh's Starry Night, Munch's The Scream.
Re:Color blind (Score:2)
not at all... you just make each image map to a keyboard character.
Great idea! I suggest ASCII characters.
Wait a minute...
Re:Color blind (Score:2)
Re:Color blind (Score:2)
And let's be very careful not to exclude the uncultured masses who can't tell the difference between an abstract Boyd and a minimalist Sultan.
Re:Color blind (Score:2)
Well it still doesn't help... (Score:2)
What I find interesting is that most people have poor spatial reasoning and form recognition. In fact, tests of those two are used in IQ tests and the ASVAB (Armed Services Vocational Aptitude Battery) - specifically for military to guage your ability to avoid friendly-fire incidents, recognize enemy movements/formations/activities.
Since it's obviously not a picture-puzzle to be assembled, I think a lot of people would have a hard time remembering.
Brute forcing... (Score:2)
Passphrase strength (Score:3, Interesting)
This document contains a rough reckoner for calculating whether a passphrase is strong or weak. It makes the point that for a passphrase to be as strong as the encryption in PGP, it needs to be 30+ characters long. ! Remembering one or two paintings might not quite cut it.
For most systems, you can safely use shorter passphrases if you are only permitted a limited number of attempts or have no access to the machine (like at a bank) or the passphrase is changed frequently, or if the phrase is truly random.
Regardless, the strength of the passphrase is almost always the weakest link in any security system.
SSH & Co (Score:2)
Shoulder surfing (Score:4, Insightful)
Re:Shoulder surfing (Score:2)
Compatibility (rollout) and some Numbers (Score:2)
Agreed, on-screen indication of your image choices would facilitate shoulder-surfing. Not Good.
Compatibility with legacy ATMs. There's even more difficulties than just shoulder-surfing... what happens if your account uses a "visual password" and you find yourself at an "old-fashioned" ATM that requires a numeric PIN? Poof! So much for being able to access your account around the world! Unless, of course, you are also required to memorize a numeric PIN, which will likely be forgotten from disuse! Any additional security from the additional permutations offered by a "visual password" would be lost as a cracker could try and break the numeric PIN, instead.
Physical posession of bank card not required. Further, with more and more banks offering on-line access, there is no longer a requirement that the physical card be present at the time of the transaction. Set up a shell account, use the on-line bill-pay feature to send some funds to it from the hijacked account, and the deal is done.
Computing the number of passwords.Since I went through the work of figuring these for myself, I thought I might as well share it here to save others from the work. Also, there are other ways of viewing this which lead to a vastly larger number of choices, so I'll include those here, as well.
Current practice #1. Many accounts require only a 4-digit PIN. Which offers the user a choice of any 4-digit number from "0000", "0001", "0002", ... "9999"; that works out to their being only 10, 000 choices.
Current practice #2. Some accounts permit an 8-digit PIN. Which offers the user a choice of any 8-digit number from "00000000", "00000001", "00000002", ... "99999999"; that works out to their being 100,000,000 choices.
Original posting: 53,130 possible choices. That seemed much smaller than I would have thought. For those who are interested, here is how that number was reached.
The calculation resulted from determining the number of combinations of 5 objects taken from a pool of 25 where order is not significant.
First, the calculations which produced this value, and other possible computations which produce a much-larger number of choices.
The original 53,130 can be worked outas follows:
(25!) / ( (25 - 5)! * 5! )
= 25! / (20! * 5!)
= (25 * 24 * 23 * 22 * 21 * 20!) / (20! * 5!)
= (25 * 24 * 23 * 22 * 21) / (5 * 4 * 3 * 2 * 1)
= (25 * 24 * 23 * 22 * 21) / (5 * 24)
= (5 * 23 * 22 * 21)
= 53,130
The original posting suggested it might be more like 6 million choices. If, we assume that the order IS significant, AND, no re-use of a choice is permitted, then we can come up with the "six-million" choices:
25 * 24 * 23 * 22 * 21 = 6,375,600
If re-use of a previously selected image is permitted, then we have ALL 25 visuals available for EACH of the 5 choices:
25 * 25 * 25 * 25 * 25 = 9,765,625
Summary. In short, there are at best on the order of 10 million choices using the visual password technique, and it would require a tremendous amount of change to the existing ATM infrastructure. Simply using an 8-digit PIN permits 100 million choices, and does NOT require any major changes to existing ATMs. In light of these calculations and costs to implement, I doubt we'll see this new technique implemented any time soon, if at all.
DoD guidelines (Score:2, Informative)
PINs (Score:2, Insightful)
What they dont mention is that pictoral passwords are intended to be used in an ATM enviornment, rather that on a LAN. The PIN for your ATM is only 4 numerics long, not even alpha-numeric. A brute forcer can do 2 million/sec on a 800mhz pc, it would brute the entire key space in a millisecond in ATMs.
The reason why PINs are only 4 digits is the other compensating controls you have in the banking enviornment.
1) There is an extremely limited interface to the ATM (just keypad and and a few multi-use keys).
2) The physical security of an ATM, these suckers are actually safes that are resistant to bomb blasts, rednecks trying to tow them away with their 1/2 ton chevys, etc.
3) The PINs are stored on a crypto device, not physically at the ATM, that destroys itself if it is pried open.
So, this would be good for banking applications, but not good on your LAN... for obvious reasons.
apparent problems (Score:4, Interesting)
Problem is that this has NOTHING AT ALL to do with how you actually pull out that memory. I mean, having this strong kinesthetics allows you to keep that password in your head, but it does nothing for pulling it out (unless you ALWAYS use the same password... more on this later)
What triggers that memory really has to be one of four things: A sound, an image, a phrase (written), or a touch. That's not true, at least with me (functional keyed-retreival) but most people at least fall into those four.
This is a cue that your mind uses to pull out those memories at the appropriate moment. The feedback starts and you can whip out your password completely automatically, right?
Some "realistic solutions" to these problems include: BIOMETRICS - which don't require ANY memory, SINGLE LOGIN - which limit the number of cues needed, ASSYMETRIC-KEY - which relies on math, etc, etc.
I say "realistic" because people have used them and they DO work. They don't affect that memory pathway in and of itself, but instead rely on more durable pathways (e.g. outside of the person
Unrealistic methods? Pictorial passwords. Besides the obvious that they're useless to the blind, many (dare I say most? nah, I couldn't find those numbers) people lack a visual eidetic. This means that they're very easy to confuse with similar images - because they cannot be used as triggers for their memory- They simply cannot remember seeing that.
Surely, they can remember the memory of seeing, or the act, maybe if they described it to themselves (common: turning a visual cue into an audio one, but this is time consuming and rarely works for long) - point being, it pushes WAY too much emphesis on only one cue.
With our current method, I gain some visual cues; input fields on the left, on the right, a popup, etc. I also gain some functional cues (mail related? do I know these people? am I these people? was this just a test?)
I then turn all these cues into the blinding flash of realization that sends my fingertips into a frenzy typing out the appropriate login and password for wherever I'm at. (except on slashdot, i'm a wuss... i use cookies
My cues may not be the same as everyone elses' but everyone does have cues. I think that changing the focus of WHAT we remember is less important than changing the cues by which we DO remember.
(There, I think that makes more sense now)
neat, but... (Score:5, Informative)
Other ways ? (Score:2)
Of course applying it may require some learning session from the software...
I however think it is high time we got pressure-sensitive keyboards so that we may finally derivate such idea in some kind of computer-graphology (BTW these keyboards would be great for musicians as well as hard core gamers who need enhanced versatility while fragging around).
Until then, I presume it would still be be possible to use the mouse to write the password instead of typing it.
An advantage of either concept is that the annoying 3 second waiting time we have after a wrong passwd entry could be avoided if the login daemon detects that the attempt is too long to be part of a brutal force/dictionary attack.
need some psychology on this (Score:3, Insightful)
Interestingly enough, this is something that I tried hacking out a few years ago (though not under the pleasure of being funded by an academic institution).
I found that people like to click on distinct places, and not the whitespace between shapes/objects. Otherwise, they won't be able to remember exactly which spot they clicked on. This can be analogous to people using dictionary words for their alphanumeric passwords.
Another annoyance that I found was that hitting the exact pixel that you wanted was nearly impossible. You're more likely to hit one adjacent, or 2 away... so increasing the area of error reduces the number of possibilities.
Finally, when I want to get work done, I don't want to play a video game. Making someone hit their exact spot in a sequence of 5, or 10 images, whatever requires skill and accuracy. If you hit the first 9 right, and mess up by one pixel on the last, you have to start all over again. Imagine if you had to achieve a difficult feat - like slaying 20 characters in Quake on nightmare mode before you can log in... damn.
In summary, I think this is a really cool idea (otherwise, I wouldn't have gone to the trouble of implementing it myself) - but the downsides outweigh the benefits.
Limited application (Score:4, Insightful)
Oh, maybe for an ATM, where it's more secure than a four-digit PIN, it'd be secure enough, but it's still unworkable.
Most ATMs use very low-res displays; in fact, many are text-only displays. (I believe a large number of them are actual Hercules monochrome cards, with the ATM running OS/2, for instance.)
If you use a touch-screen, it'll become impossible to hide what you're typing, so you pretty much have to stick numbers up there and have people type the number of the correct picture. You'll have to swap the pictures around if you want to prevent people from just writing the numbers down, so you'll end up with it being harder to remember because the pictures are all on screen at once and in a different place every time.
In the end, you'll have to keep the number of pictures low, and the length of the password low, or people won't be able to remember. Hell, people forget their 4-digit PINs now.
At least with a PIN you can disguise it when writing it down; put it in your address book as Uncle Luigi, with the last four digits of his bullshit phone number being your PIN. What are you gonna do if you need a reminder for this, take a Polaroid of the screen and put it in your wallet?
I'm sure there are applications where this technology will work, but I don't think ATMs are it, and I'm REALLY skeptical about using it for locking PCs.
Biometrics are the future of easy-to-remember identification.
Re:Limited application (Score:2, Insightful)
No, not because banks keep difficult hours...
okay, fine, thats ANOTHER reason.
Quickness of transaction. provided its available, i can step up, tap in my 4 digit code in less than what ? less than 2 seconds? and get money in less than a minute.
Now, instead of 10 different buttons you're essentually offering people 25? and you even want to mix them around so you have to hunt for the right button (you could use some type of GUI for picture display and a touch screen, but that wouldn't speed it up any, especially if you mix the order).
This just seems like another attempt to force people into a hardware upgrade in order to run some bloated software. Is M$ involved?
Pointless for ATMs (Score:2)
I can't see the point in using this for ATMs. Those things are never brute-forced, it's much simpler to just have a guy stand behind and watch you type. Assuming you still have to press some button to select the pictures, he can still watch. The best security improvement would be a cover over the keypad, or putting the ATM itself inside a one-person sized cubicle.
Of course other systems are subject to brute force attacks on weak passwords...so this may be more approprate there. I can just see it in Windows 2004 - "Press ctrl-alt-del and pick the right 3 cats". Hmmm...business use??
Prevents "Password Sharing" (Score:2, Interesting)
And here is the interesting URL (Score:5, Informative)
http://www.sims.berkeley.edu/~rachna/dejavu/ [berkeley.edu]
Which always seems to be missing.
Implementation details (Score:2, Informative)
can be found in one of the researchers' papers [berkeley.edu], where it can be seen that the poster, editor, and many of the commentators here make incorrect assumptions. The user of the system must simply recognize which subset of images from a presented set belong to a previously chosen portfolio. The number of images in the portfolio is larger than the number of portfolio images in the presented set; this makes shoulder surfing ineffective unless it is done repeatedly. Also, identification of the portfolio images can be done by pressing keys, and can be hidden just as are conventional passwords. Each image is equivalent to an eight-byte number, but from this large set they have hand-selected 10,000 images for the current implementation, still leading to a very large number of possible passwords.
The weakest part of the system is what I would have thought was the obvious one: quoting from the paper,
Some Problems (Score:2)
Anyway, since humans are very good at remembering visual information, wouldnt it be fairly easy to watch someone login a few times and see which images are the same.
Also, i see another problem, if someone was watching you they can determine what images you select. This would happen because of the speed at which you would select the images. since, the images are most likely randomly placed, you cant remember the position of the items, so you have to process the complete set of images and then select the proper images. Then if someone is looking at you, they can see the keys you press, and associate it with the image.
Compare that to textual passwords. You know your password isn't going to change, and even if you type at 20wpm, it would only take 1 or 2 seconds to type the password. And I think, it is much harder to look at your fingers and determine which keys you hit at which time.
Error messages (Score:2)
Has anyone done any research into pictorial errors? I think the average end-user might actually remember 'blue puppy with a banana'. You don't need too many symbols before you can encode a fair number of error messages especially if you include a small number of colour variations, and the sort of thing used currently by people like MS is meaningless to everyone but the programmer anyway (long hex codes). Once you've accepted that the user is not in a position to fix the problem themselves, then the challenge becomes one of conveying the information to the support person without corruption or loss of detail.
Obviously, having software that doesn't produce errors or allow the user into 'error' situations would be better still, but that seems to be too hard.
Re: (Score:2)
It's worse than that (Score:2)
I wish. A couple of years ago, I worked as a sysadmin for a large government institution (which will remain unnamed) where I determined that 89% of all passwords could be compromised in three tries by using
- the username
- "password"
- "secret"
Given a fourth try, you could nail half of the remainder with "pass".And yes, I tried to get this changed, but end-user recalcitrance trumped common-sense. Until we have standardized biometric validation over secure channels, I don't think it's going to get any better.
Re:It's worse than that (Score:2)
I admit it is wrong, but those users never call back about forgotten passwords.
For the most part, though, my users are pretty good with their passwords - so many use a combination of numbers and letters that I am sometimes amazed, amazed because these are the same people who have problems remembering which drives are on the server and which are on the machine in front of them
Password Overload (Score:2, Insightful)
Most
Granted, the normal user doesn't have our problem. However, the normal user also has little inclination to merely accept this predicament. While I think nothing of whipping out my Visor for a password, most people lack the sense of urgency we feel to insure system security. Nor do they have the patience to commit 30+ identities and passwords to memory.
Maybe we've run into the "Aunt Minnie" problem. Aunt Minnie knows who she is, she wants to be her everywhere, and she has no desire to create a unique identity on every system she sees. So we shouldn't be surprised to see Aunt Minnie use her AOL ID and password for Web sites and such.
I tried something similar... (Score:2)
The only flaw we found was that mouse clicks can be monitored remotely all to easily. Not necessarily through a network connection, but just by looking over someones shoulder, even if you're some distance away. It was like typeing in a password, but the stars don't come up to mask your characters.
Eventually it all seemed nifty, but not very useful. We have since started looking into biometrics, particularly fingerprint ID systems [eyenetwatch.com]. Their cost is coming down quickly and they integrate well into Win2K. I'm now looking into how to get these things to work well with my Linux boxen.
what i do (Score:2)
As long as they make it interesting (Score:2)
"Blonde frontal, Redhead reclining, Brunette upper body... oooohh, look at the zoomies on that new asian chick in the lower right corner, will ya?"
"# Password rejected: try again".
Re:login required (Score:3, Funny)
Then all the better reason to be interested in an article about easy-to-remeber passwords. :)
easy to remember passwords (Score:2)
The point being of course, that for a password to be easy to remember, it does not have to be a literal word. It can be based on some other factor that is easily memorized, not based on words at all.
Re:login required (Score:2, Informative)
The Link [nytimes.com]
er, and if that doesn't, simply take the linked url in the sotry and replace www.nytimes.com with archive.nytimes.com
Re:Alright (Score:4, Insightful)
Re:Alright (Score:2)
-l
Re:Passwords (Score:2)
'changeme'
Oh yes, indeedy..
jf
Re:Passwords (Score:2)
password
the username
your company name
Re:Password in real life (Score:2)