Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Recognizing Your Own Handwriting As A Password

CmdrTaco posted more than 7 years ago | from the sounds-suspiciously-like-reading dept.

Security 151

Gary writes "A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. The user's handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer."

cancel ×

151 comments

Sorry! There are no comments related to the filter you selected.

How about poor geeks like me... (4, Interesting)

boaworm (180781) | more than 7 years ago | (#19715937)

...who virtually cannot write by hand anymore? I can't even write a proper signature, haven't been using hand writing since I was playing RPGs 10+ years ago.

I'd say it would be pretty hard to determine how my digits would look like.

Re:How about poor geeks like me... (5, Funny)

bumby (589283) | more than 7 years ago | (#19715957)

my digits looks like this:
012345679 (bitstream vera sans)

Re:How about poor geeks like me... (2, Interesting)

tha_mink (518151) | more than 7 years ago | (#19716277)

So, we're talking about multiple choice for passwords now? Sounds really secure.

Re:How about poor geeks like me... (2, Funny)

jimstapleton (999106) | more than 7 years ago | (#19716315)

Yeah, I can see it now:

"We only have a 10% break-in rate!"

Re:How about poor geeks like me... (1)

youthoftoday (975074) | more than 7 years ago | (#19716381)

That's over 89% success. Looks good to me.

Re:How about poor geeks like me... (5, Interesting)

Atraxen (790188) | more than 7 years ago | (#19716565)

It's a bad call if it's the only authentication entry, but if it's in addition to something else it might be good. Many banks seem to be going for the 'something you know, and something you recognize' auth motif (banking as one example, where you recognize and identify a preselected word or graphic.) Maybe soon for really secure accounts, we'll have a fairly painless set of layers, ala: something you have - the random PIN cards, something you know - pword, something you i.d. - (handwriting/picture/word)?

Re:How about poor geeks like me... (2, Interesting)

Jaxoreth (208176) | more than 7 years ago | (#19718009)

It's a bad call if it's the only authentication entry, but if it's in addition to something else it might be good. Many banks seem to be going for the 'something you know, and something you recognize' auth motif
My bank does this, but it's not to authenticate me -- rather it's so I can authenticate them as really being my bank and not a phishing site. TFA is talking about asking you to recognize something to prove who *you* are.

Re:How about poor geeks like me... (1)

flink (18449) | more than 7 years ago | (#19718135)

Often times, those pictures are there to authenticate the bank to you, not the other way around. The theory is that only your bank knows what picture you initially selected. If you see your picture on the login page, then it's legitimate. If you don't, it's a phishing site. Bank of America, for example, works this way.

Re:How about poor geeks like me... (0)

Anonymous Coward | more than 7 years ago | (#19717997)

Ate the eight?

Re:How about poor geeks like me... (1)

6Yankee (597075) | more than 7 years ago | (#19716321)

Mine are pink with nails on the end.

Re:How about poor geeks like me... (0)

Anonymous Coward | more than 7 years ago | (#19716575)

And what about geeks whose fingerprints are perpetually obscured by french-fry grease so they can't use the thumbprint reader? This is like requiring a capital letter or non-alphanumeric character or 8-character minimum in passwords: it discriminates against the txtg kidz who don't know how to use the Shift key or string that many characters together. Oh, the injustice!

Dude, just because you've voluntarily allowed yourself to become crippled doesn't mean we should feel sorry for you. Though I guess the Americans with Disabilities Act means we have to try to accommodate you. Just another example of creeping post-literacy in our society.

Re:How about poor geeks like me... (1)

erroneus (253617) | more than 7 years ago | (#19717063)

I'm definitely a member of that crowd. It gets pretty bad when it feels like you have forgotten how to write... I mean it sort of comes back, but legibility is so bad that it has people wondering if I am actually literate.

Handwriting and penmanship may well become one of the most important losses in modern civilization.

Re:How about poor geeks like me... (1)

BlackSnake112 (912158) | more than 7 years ago | (#19717453)

We could always go back to the old ways. You know, the stone age

Brute Force? (3, Insightful)

micksam7 (1026240) | more than 7 years ago | (#19715945)

This would make brute-forcing a password a little easier..

An attacker could simply select a hand writing at random till they get the right one.

TFA doesn't say anything about that.

Re:Brute Force? (5, Informative)

micksam7 (1026240) | more than 7 years ago | (#19715985)

To anwser my own question, I found a better article:

http://www.technologyreview.com/Infotech/18986/ [technologyreview.com]

Re:Brute Force? (4, Insightful)

necro81 (917438) | more than 7 years ago | (#19716261)

From parent post's link:

Renaud doesn't think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records. Rather, she believes it could be useful for social sites, where a user wants her account to be private but where nothing disastrous would happen if someone broke into it.
The folks at Dynahand obviously don't know how bad hijacking someone's social network identity could be. While not as sensitive as banking or medical information, access to one's online profile is a pretty sensitive thing. A person pretending to be you on MySpace or Facebook could cause all kinds of damage to your reputation, lose you (real) friends, and leave an incriminating trail for any future employer to find. Even if you are able to regain control of your account via customer service, and could remove the offending material from your page, nothing is every really deleted from the Internet.

Re:Brute Force? (1)

Mister Whirly (964219) | more than 7 years ago | (#19718123)

If you are basing your "reputation" on your Myspace of Facebook site, I can tell you that your "reputation" is already damaged... Anyone who uses their full name on a social site needs to get their head examined.

Re:Brute Force? (4, Insightful)

SatanicPuppy (611928) | more than 7 years ago | (#19716029)

Why bother? My desk is covered with my clearly recognizable scrawl, and most of it is numeric just to add insult to injury.

While the idea of a system that depends on recognition is interesting (though in my mind, not terribly secure for the exact reason you stated), handwriting is probably the poorest example because we leave handwriting samples everywhere. It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...And hell, for this crowd, you don't even have to worry about that.

Re:Brute Force? (0)

Anonymous Coward | more than 7 years ago | (#19716077)

It would need a 'zoom' function...

Re:Brute Force? (5, Funny)

Joebert (946227) | more than 7 years ago | (#19716105)

That's the greatest caught masturbating at work coverup I've ever heard.

Re:Brute Force? (4, Funny)

Red Flayer (890720) | more than 7 years ago | (#19716185)

It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...
Why do you hate nudists and porn stars?

...And hell, for this crowd, you don't even have to worry about that.
Speak for yourself, I'm quite positive that several hundred people have seen my genitalia. Though I'm not sure they got a good enough look to be able to identify me in the short time my trenchcoat was open.

Re:Brute Force? (1)

SatanicPuppy (611928) | more than 7 years ago | (#19716225)

I didn't say it was secure, I said it was more secure.

An even better system would be to select a semi-random series of numbers, letters, and punctuation, that we could key in to uniquely identify ourselves...We could call it a "Secret Word" or a "Pass phrase" or something. "Password?" Nah. Not catchy enough.

Re:Brute Force? (3, Funny)

Red Flayer (890720) | more than 7 years ago | (#19716701)

Was entirely joking. Besides, wrt the genitalia of the slashdot multitudes, I thought we had all decided that security through obscurity was useless?

Re:Brute Force? (1)

SatanicPuppy (611928) | more than 7 years ago | (#19716853)

Heh. Well, since that's basically what this whole system boils down to, it's as good an example as any.

Re:Brute Force? (1)

clickclickdrone (964164) | more than 7 years ago | (#19716251)

I remember you!

Re:Brute Force? (1)

tverbeek (457094) | more than 7 years ago | (#19716487)

I could recognize my parents' handwriting easily. (All that time practicing writing notes from them for the teacher to let me out of class early, you know.) But my dad's secretary would be even better at recognizing his. She's the only one who could reliably interpret it, after all. Sure, that'd be an advantage to this system if you're the sort who gives your secretary your passwords anyways, but what if just maybe the secretary isn't supposed to have access to your confidential personnel files?

Re:Brute Force? (1)

SatanicPuppy (611928) | more than 7 years ago | (#19716567)

I've got most of the high level access at the place where I work; the only guy who has access to things that I don't, I could recognize his handwriting easily.

Of course, I also know his password off the top of my head, and he never changes it, so I guess the current situation isn't any better.

Re:Brute Force? (1)

morgan_greywolf (835522) | more than 7 years ago | (#19716063)

The link at the bottom of the article does ... it says that they would use a combination of timing and multiple picks to defeat brute-forcing. Too slow and it looks like an intruder -- too fast and it looks like a computer trying every possible combination.

How about using this as sort of a pictogram password? You draw out, let's say, 7 or 8 different shapes, scan them into uniform-sized pictures. They site shows you, say 50 or so different uniform-sized pictures for each of the 7-8 original shapes, in 7-8 passes. On the first pass, you pick 1 out of 50. On the second pass, you pick 1 out of 50, and so forth. Might take a long time, but you wouldn't have to remember a password, and it would be difficult to brute-force through either automated or non-automated means.

Re:Brute Force? (1)

SatanicPuppy (611928) | more than 7 years ago | (#19716189)

That wouldn't be much different from "Site key" style two-factor authentication schemes. It's still just a matter of guessing to crack it, and you could program a computer to guess slower, or get a person to guess more quickly.

I have distinctive handwriting, but it would still take me a few seconds (as long or longer than it takes me to type my average 10 character password) to identify my own handwriting out of a random selection of a dozen or two decoy samples.

I just don't think "Picking the correct answer" will ever be all that secure. The right answer is necessarily right there on the screen somewhere, as opposed to a strong password which is impossible for a human to guess, and extremely difficult to brute force.

Re:Brute Force? (2, Insightful)

morgan_greywolf (835522) | more than 7 years ago | (#19717037)

What's a password? 7 or 8 picks out of, at most, 52 letters, 10 digits, and 22 symbols, right? 7 or 8 picks out 84 possibles. If you want it as secure as a password, you just need 84 possibles, right?

Re:Brute Force? (1)

twistedsymphony (956982) | more than 7 years ago | (#19716741)

An attacker could simply select a hand writing at random till they get the right one.
Even easier than that.. analyze all options given, guess at random then when round #2 starts simply pick the one that matches a sample from round #1 if it's a string of numbers there should be enough numbers displayed to at least find one or two digits in common, and if they happen to show you one or more of the same alternatives displayed in round one you have at least one set you know it wont be (because you tried and failed) and a smaller set of choices to pick from (because you're only choosing from round 2 samples that match round 1 samples).

In all likelihood a fairly simple application could crack it on the 2nd try with consistancy. Heck if you're decent at picking out handwriting traits a human could crack it on the 2nd try with consistancy.

Giving out your phone number is risky... (0, Redundant)

babbling (952366) | more than 7 years ago | (#19715949)

This is the most stupid authentication mechanism I've ever heard of. Apart from people probably not recognising their own handwriting, there is nothing stopping others from analysing someone else's handwriting and gaining access to their accounts.

Slow news day, I guess.

Re:Giving out your phone number is risky... (1)

gsslay (807818) | more than 7 years ago | (#19716143)

there is nothing stopping others from analysing someone else's handwriting and gaining access to their accounts


From TFA; "Renaud doesn't think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records.

" It's an interesting idea, but clearly needs further work.


Apart from people probably not recognising their own handwriting


Are there really people that dumb or unfamiliar with their own writing?

Re:Giving out your phone number is risky... (1)

PhireN (916388) | more than 7 years ago | (#19716289)

My handwriting seams to take the form of what ever I'm copying, both handwritten and computer fonts, so across many classes, with different teachers my handwriting will be very different. As the article states, people have problems recognising other peoples handwriting, so since Its not my handwriting, but the writing of the thing I was copying to signup, I will have the same problem.

Re:Giving out your phone number is risky... (1)

Actually, I do RTFA (1058596) | more than 7 years ago | (#19716407)

Apart from people probably not recognising their own handwriting

Are there really people that dumb or unfamiliar with their own writing?

I cannot. Or rather, I cannot to the degree of speed and reliability that I type. The only things I ever write by hand are checks. Heck, I tried to write in cursive recently and realized, with the exception of my signature, which is all muscle memory, I don't know any of the capitals.

When's the last time you tried to record something on paper using a pen for your own reading later?

Re:Giving out your phone number is risky... (1)

residieu (577863) | more than 7 years ago | (#19716529)

Well, it depends. If there's two very nice handwriting selections, and one ugly illegible one I'm sure I can identify the illegible one as my own. But how similar are the alternate choices going to be? If the list was long enough and contained examples close enough to mine to provide any sort of security, I doubt I could pick out mine quickly or accurately. I'll acknowledge that there are people who are very good at identifying writing styles, but I'm not.

The thing with my signature is . . . (1)

Don_dumb (927108) | more than 7 years ago | (#19716193)

. . . that no two of my signatures are the same.

Re:Giving out your phone number is risky... (4, Funny)

Glytch (4881) | more than 7 years ago | (#19716379)

Exactly. In the old days, someone would have to find the stickynote on one's monitor that specifically had one's password written on it. Under this scheme, any stickynote at all will do!

Original, but... (2)

JakeD409 (740143) | more than 7 years ago | (#19715951)

Very cool and original idea... but I definitely wouldn't use it over passwords on anything important.

NOT original (0)

Anonymous Coward | more than 7 years ago | (#19717279)

Recognising personal pictures, writing or other personal data has been done many times before.

And it's crap, because the people you most need to guard against are the other people on the system. If I worked with you, how long would it be before I had a sample of some numbers in your handwriting? 10 mins? 20 mins? All I need to do is ask you to take down some phone numbers on a post-it!

 

Bad idea (-1, Redundant)

ari_j (90255) | more than 7 years ago | (#19715963)

This is just simply not a good idea. One reason, but certainly not the only one, is that many nerds can't recognize their own handwriting. I know I can't.

Re:Bad idea (2, Insightful)

SatanicPuppy (611928) | more than 7 years ago | (#19716111)

I could quite easily recognize my own...But so could anyone else who has ever seen it. Then there are those people with bland, unmemorable handwriting...How would you pick your handwriting out of a crowd when your handwriting looks like handwriting is supposed to look.

Additionally, the number of samples would have to be constrained to what a normal person could be expected to go through, so the odds of someone being able to guess it are huge. I mean, I could set my password to the crappy "Guess,15" and it would take millions of brute force guesses to figure it out, as opposed to checking 20 something handwriting samples.

I smell snake oil (-1, Redundant)

geoff lane (93738) | more than 7 years ago | (#19715969)

Interesting.

Does it work with typewritten characters? ;-)

Good luck (-1, Redundant)

ducomputergeek (595742) | more than 7 years ago | (#19715975)

I can't decipher my own damn handwriting!

Re:Good luck (1)

Joebert (946227) | more than 7 years ago | (#19716129)

You sound like me, I never sign the same way twice.

Picking and choosing = bad (3, Interesting)

Rob T Firefly (844560) | more than 7 years ago | (#19715989)

As novel as this whole handwriting angle is, doesn't this just amount to a multiple-choice test? There's always the off-chance of some random stranger getting in by sheer luck.

Additionally, that's not taking into account the massive amounts of ways someone could get samples of your handwriting. Besides the obvious garbage-picking, things like tax returns, property deeds, or other legal forms can often be public information, and there's a good chance you've written numbers on one at some point.

Re:Picking and choosing = bad (1)

Odiumjunkie (926074) | more than 7 years ago | (#19716087)

> There's always the off-chance of some random stranger getting in by sheer luck.

Especially if the stranger is using proxied bots to guess ten times a second. Assuming a generously extravagant implementation, you might have to correctly choose from 100 handwriting samples to log in. An attacker appears to be you on average 1 time in 100. Assuming a very weak password system, six characters, all lower case, no numbers or special characters, then your password is 1 among 26^6 possible passwords. An attacker appears to be you on average 1 time in 308915776. I think I'll stick to passwords.

You don't even need brute force... (1)

Joce640k (829181) | more than 7 years ago | (#19716683)

Go to the site twice and look at the two sets of samples presented to you.

It should be pretty obvious which handwriting sample appears twice...

If you know the person... (3, Interesting)

throup (325558) | more than 7 years ago | (#19715993)

I am not a cracker. I am not a phisher. I do not try to get into random people's accounts.

I can't help thinking that IF I ever did try to get into someone else's account, it would be to spy on or get revenge on someone I know. (Really, that isn't something I do. This is a big IF). In those cases, this would surely be so much easier. For example, I am sure I would recognise my family's handwriting.

I certainly remember, when I was a secondary school maths teacher, having to work out who had produces a certain piece of work by recognising the handwriting. Obviously, being maths work, this usually involved recognising digits.

Sometimes, simple is best (4, Insightful)

pzs (857406) | more than 7 years ago | (#19716037)

Passwords actually strike me as quite a good security method. A good password is difficult to guess by a person or by a machine and is very simple to implement, leaving less margin for error in the technology.

I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.

Peter

Re:Sometimes, simple is best (3, Insightful)

Jah-Wren Ryel (80510) | more than 7 years ago | (#19717579)

I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.
Users aren't always just morons. I know a person who has to keep track of 9 unique passwords with at least 3 different usernames, most of which are used once a week or less. All the systems have minimum length and complexity requirements, 90-day expiration and permanent lock-out if an account gets just three failed logins in a row. In his case it is potentially a go to jail offense to write down these passwords ANYWHERE, even in some sort of encrypted form.

In cases like that, the real morons are the people pushing their authentication complexity onto the users, not the users themselves.

Re:Sometimes, simple is best (1)

pzs (857406) | more than 7 years ago | (#19717795)

I see your point, although I guess your friend must be an unusual case.

I think you can get keyrings that manage your passwords for you, generating new ones when needed and with a single sign-on. From what you say, they might be out of bounds for your friend's job, but it sounds as though they should certify some sort of assistance technology to make their job possible...

Peter

Rap CD Sales Declining (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19716041)

After Years Of Decline Rap Music Sales Fall Off Cliff
White Buyers No Longer Consuming Negro Music

7/1/2007 11:50:29 AM
Discuss this story in the forum
Overthrow Staff

Los Angeles, California -- Sales of rap music CDs have fallen 33% this year, following a 20% decline the year before, more than twice the size of the decline in sales of Jewish- produced music overall.

The move against black music, which has led to a collapse in sales of all musical forms associated with Negroes, has been symbolized by the bankruptcy of Death Row Records, a once thriving Negro music company that produced rap stars Dr Dre, Snoop Dogg and Tupac Shakur, whose sales peaked at $200 million in the late nineties and is now bankrupt and $137 million in debt.

During its peak years, the superficially Negro production company was owned by Jewish media baron Gerald Levin. A late 1990s report by the National Alliance's William Pierce showed that Sumner Redstone, owner of MTV and CBS- Viacom, and Levin, owner of AOL-Time-Warner, owned almost all major rap music labels in the country.

Universal, Warner and Sony Music, all Jew-run companies, still control more than 90 percent of rap music sales in the country.

The primary reason for the decline in sales of rap music is a collapse of its appeal to white youth, who had accounted for most of rap music's popularity. White youth now overwhelmingly favor country and metal music, as they did back in the 1980s, before the growth of the rap industry.

The decline also mirrors changing attitudes about Negroes among white youth, who no longer buy into Jew propaganda that idolizes ghetto poverty, crack cocaine and violent anti-social criminality.

Sales of Jew-produced music have declined alongside sales of Jewish-owned newspapers and viewership of Jewish television programs, as the growth of the internet has opened up alternative sources of information that have cut the reach of Jewish media by more than half in the past ten years.

-----

Published by:

Overthrow.com / White Politics, LLC
ATTN: Bill White, Editor

Post Office Box 8601
Roanoke, VA 24014

http://www.overthrow.com/ [overthrow.com]
nationalsocialistworkers@yahoo.com

Re:Rap CD Sales Declining (0)

Anonymous Coward | more than 7 years ago | (#19716173)

LOL @ nigorz!!!! The j00z pwn they black asses x1000000.

Totally utterly useless on 2 counts (2, Insightful)

chiark (36404) | more than 7 years ago | (#19716045)

1. It's a shared secret. That's all. I was going to say "no better, no worse", but actually it's made significantly worse by being multiple choice.
2. Doesn't prevent MITM in any way whatsoever

Now the biometric of someone's typing rythm strikes me as a good thing, along with "PC fingerprinting" and trend analysis, but this suggestion is significantly worse than what we already have available on the market.

"3/10 - see me" would be my mark for this particular gem.

Re:Totally utterly useless on 2 counts (4, Funny)

glwtta (532858) | more than 7 years ago | (#19717197)

biometric of someone's typing rythm strikes me as a good thing

Haven't we been over this? That system assumes that you are always logging in at the same level of drunk - that's not feasible.

WTF (5, Funny)

egandalf (1051424) | more than 7 years ago | (#19716049)

I've got a simpler idea, why don't we just ask people a simple true/false question. I've got the first:

A single html radio-button form-based multiple choice question is a reasonable security measure.
A) True
B) False

But I think there should be an option "C," though that would make this not a real t/f question:
C) WTF?!

Re:WTF (1)

Hognoxious (631665) | more than 7 years ago | (#19716243)

But I think there should be an option "C," though that would make this not a real t/f question:
C) WTF?!
As any fule kno, a boolean can have one of three values: true, false, or file-not-found. [worsethanfailure.com]

Re:WTF (1)

DavidD_CA (750156) | more than 7 years ago | (#19717243)

D) Cowboy Neal

seriously... (1)

_Shorty-dammit (555739) | more than 7 years ago | (#19716057)

how on earth did anyone ever think this was a good idea? Finding samples of someone having written down numbers is not hard by any stretch of the imagination. As someone already pointed out, simply asking someone to write down a phone number for you, not even necessarily theirs, would get you such a sample. Sometimes people can be pretty dumb.

Re:seriously... (3, Interesting)

Alioth (221270) | more than 7 years ago | (#19716231)

Because it wouldn't help them.

Almost 15 years ago, I was working on a demo system for a more secure way of issuing benefit payments (at the time, the payee had a paper booklet, and there was quite a lot of trouble with stolen booklets). We investigated what we could practically put on a smart card (similar type of smart card as what is in modern credit cards). One of the things we investigated was signature recognition.

We had a system that did it extremely well, well enough that we never managed to forge another person just signing with an "X". The system not only looked at the shape of the writing, but the way the person wrote - the speed, accelerations, stroke weight etc. The genuine user could be recognised even if they signed fairly scruffily (the system didn't return 'true' or 'false', but rather a confidence). However, another person even if they signed their X to LOOK as much as the original person's X looked would get a very low confidence score.

This was almost 15 years ago - the technology was pretty damned good (but quite expensive) at the time. We managed to get the signature, the person's details and a photograph onto the smart cards of the day (I think they had 8K of storage). The signature took up 1K.

Re:seriously... (1)

jafiwam (310805) | more than 7 years ago | (#19717377)

(didn't RTFA)

As the sole means of access, you are right it's a ridiculous idea.

However, as a combination of the account number, the password and this thing... it acts as a captcha AND it helps the organization identify the user (who might be at a public terminal, or on a different OS or whatever) in a way that is much harder for a keylogger or infected computer to track.

For example, given time, my login and "personal question" answers can get logged by an infected machine and used.

This raises the bar a bit and causes the rootkit or whatever you want to call it to need to keep a copy of the image the user clicks on, and then have it in a form that the attacker can use to get into the account.

So phishing sites are going to be harder to do (let's face it, some of them really suck now, but are still used because they still _work_), and an aggressive and careful attacker needs to do a lot more too.

As a password = dumb. In replacement of captcha/personal questions, not so dumb.

I think the article summary just uses the word "password" as a simple "sorta means the same" for a word to make it understandable to a wide audience.

have to hide my hand writing? (4, Insightful)

janneH (720747) | more than 7 years ago | (#19716073)

What, now I have to bring a typewriter everytime I go to the restaurant - to fill in the tip and total?

Re:have to hide my hand writing? (1)

Joebert (946227) | more than 7 years ago | (#19716141)

Nah, the waiter will just use the frequent patron system to sign it for you automaticly.

Re:have to hide my hand writing? (1)

MollyB (162595) | more than 7 years ago | (#19716221)

Nope. It'll take some practice, but you can use your left hand (assuming you're a righty) for scrawling totals. Alternatively, you can stave off dementia by doing the arithmetic in your head... (not a jab at you--but for me it's a non-trivial matter) 8)

Re:have to hide my hand writing? (2, Funny)

CrazyTalk (662055) | more than 7 years ago | (#19717275)

Nope, do what I do - never leave a tip.

Wrong direction (1)

WillAdams (45638) | more than 7 years ago | (#19716127)

They should instead be requiring the use of a graphics tablet or Tablet PC and requiring the user to write a given number sequence --- then they get the additional input of speed, pressure, stroke order / direction which makes things reasonably secure (even a person who can forge another's writing isn't likely to get all of the above as consistent as a person using their normal hand).

Doesn't even require much more from the user in the way of hardware (trades off a scanner for a graphics tablet).

William

Re:Wrong direction (1)

b0z0n3 (1086487) | more than 7 years ago | (#19716311)

Well, people who are good at creating fake art can usually get the strokes right when they paint with brushes. That also requires the right paint and canvas. So as long as anybody reallly is good and makes an effort, they can fool the computer since nobody writes exactly the same way every time.

How? (1)

Junior J. Junior III (192702) | more than 7 years ago | (#19716151)

I can't even recognize my own handwriting half the time.

Re:How? (1)

stormi (837687) | more than 7 years ago | (#19717107)

Neither can I... and if I think back to highschool I have vivid memories of the teacher saying "Ok, there are 3 papers with no name" and we all would go up and debate whose handwriting it looked like. Most people could not recognize their own and had to look for answers they knew they had put down, or notes or doodles in the margins.

Uh what's the point? (1)

TheLink (130905) | more than 7 years ago | (#19716167)

Like some security expert has said: just write down your passwords onto a small piece of paper and keep them in your wallet/handbag.

If you lose your wallet/handbag, call up the banks to cancel your cards etc, call up the rest to cancel your passwords.

You're keeping it in a fairly secure place.

Old idea and a badly implemented one at that (2, Interesting)

clickclickdrone (964164) | more than 7 years ago | (#19716199)

Back in the late 80's, a UK bank did some R&D on this area and came up with a novel idea. It was signature recognition BUT rather than analysing the actual signature, it 'listened' to the pen on the paper as it moved. They found that anyone (well.. some people anyway) could do a fair replication of someone else's signature if they went slowly but it was almost impossible to recreate someone's signature at the same speed and with the same pressure/flourishes.
In case anyone reads this and copyrights the damn thing, there is prior art and it worked. They just didn't think the market was ready for it.

Ok, but what happens when... (1)

s31523 (926314) | more than 7 years ago | (#19716215)

... You get an injury that makes your hand writing change, like a bad break in the hand, or a stroke or something? I am sure you could answer the secret question or whatever, but you have to ask, how consistent is handwriting that a program could use it to authenticate a person?

What a stupid concept (4, Insightful)

Mock (29603) | more than 7 years ago | (#19716229)

Here's how you crack it:

1. generate a bunch of new sessions to the login page.
2. Identify samples that appear more often than others.
3. Recognize the handwriting style.
4. Log in.

Re:What a stupid concept (1)

Kris_J (10111) | more than 7 years ago | (#19716725)

And if you're having problems, just mail a hand-written note to the helpdesk quoting the following job number: 1765930248.

I'm screwed (1)

JasonWM (991689) | more than 7 years ago | (#19716239)

My wife's been signing my name on checks and documents for years.(Yes, I know...)
I don't even think I can remember what my name is anymore anyway...

computer recognize my handwriting? (1)

192939495969798999 (58312) | more than 7 years ago | (#19716245)

wouldn't it be more effective to have the computer recognize my handwriting, i.e. I write something and the computer goes "yep, thats the guy"? That way, the computer would know it was me w/o a password, and it wouldn't just be multiple choice or whatever. Of course, handwriting recognition is really, really hard to do quickly and effectively enough to narrow down between thousands/millions of users compared with a password.

Recognizing Your Own Face As A Password (1)

3-State Bit (225583) | more than 7 years ago | (#19716281)

For immediate release.

Slashdot, USA. A new online authentication system called Dynaface could make logging in to websites a little easier. With Dynaface, users simply identify their own face, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. The user's sample photographs are made under a variety of hair styles and lighting conditions, since the shape and other characteristics of a person's face are harder for an outside party to recognize than hair and lighting is. The lighting and hairstyle used are random, so the shape of the face is the only clue to the correct answer."

How about typical credential operations? (2, Informative)

Lethyos (408045) | more than 7 years ago | (#19716291)

There is no improvement here over biometrics or other credentials falling into the “something you are” category. How do you revoke this credential? How do you limit its scope? I would even argue this is worse than a password because it is not easily changed, and worse, your signature is very public. Consider how many documents you have floating around with your hand-written signature on it. You really want to use something that can be learned and easily reproduced as a secret? Nonsense. We need real solutions (OpenID [wikipedia.org] is a start), not rehashes or regressions of old schemes.

would not work for me (1)

pablo_max (626328) | more than 7 years ago | (#19716337)

Clearly, they have never seen my writing. No one is able to identify it, least of all me! Really..I never know how it will look. I can just imagine being trapped out of all my sites!

This isn't handwriting recognition! (1, Redundant)

hcdejong (561314) | more than 7 years ago | (#19716345)

Half the replies so far assume that you have to supply a sample of your handwriting every time you log in. That's not what this system does!
This system just presents a few lines of handwriting, and invites you to choose the correct one. A useless system, basically reducing security to a 1-in-10 guess. This is supposed to be developed by a university?

Re:This isn't handwriting recognition! (1)

TechForensics (944258) | more than 7 years ago | (#19716533)

Well, if they had you do it four times in a row, that would be 1 in 10,000 security, right?

Re:This isn't handwriting recognition! (0)

Anonymous Coward | more than 7 years ago | (#19717075)

Joking right?
'cause if they got the first one right, they have the text sample to try and infer 2-4

Re:This isn't handwriting recognition! (0)

Anonymous Coward | more than 7 years ago | (#19717989)

... and even if the events aren't chained (no feedback 'till end of sequence) they can still notice repeating samples.

Re:This isn't handwriting recognition! (1)

weicco (645927) | more than 7 years ago | (#19717941)

That and I think drinking and login is out of the question too ;)

Genital Recognition (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#19716365)

Id rather take a picture of my genitals and choose those from a list of several picures. There are are no pictures of my genitals flying around, that I know of. That I think is abit more secure than mutliple choice had writing recognition. Hell what if there was a device that would scan your willy and grant or deny access. I think people would be all over that one. Patent! Patent! You heard it here first!

I am a doctor, (1)

Animaether (411575) | more than 7 years ago | (#19716403)

you insensitive clods!

study on doctor's handwriting (0)

Anonymous Coward | more than 7 years ago | (#19716467)

I suggest "DynaRant" instead (1)

giafly (926567) | more than 7 years ago | (#19716527)

With Dynahand, users simply identify their own handwriting
I suggest a system that recognizes your political views. It would display "Iraq", "Immigration" or "Global Warming" etc., you would react furiously, and it would recognize your personal opinions.

This would be much simpler than the proposed scheme, as no real Internet user ever writes by hand, but most are expert at spouting loony political gibberish.

I'd be locked out of all my logins (1)

hellfire (86129) | more than 7 years ago | (#19716609)

My signature is worse than the worst doctor's handwriting that you can imagine. In 8th grade, when reports were still mostly handwritten, my teacher insisted I started printing because my cursive was atrocious. Printing wasn't much better. I'm very happy to do everything electronically now.

My signature is never the same twice because I just write too fast and too frantically. Handwriting analysts would have a conniption trying to determine if my signature was real or forged. A security program would do a core dump trying to verify my signature is correct.

Such a security program above would be impractical for someone like me.

False positives (1)

Mornedhel (961946) | more than 7 years ago | (#19716619)

Someone already pointed the typing rhythm method of identifying an user. This method suffers from exactly the same problem : there is a large number of factors that can modify one's handwriting or typing rhythm. Drinking alcohol (even as little as in your average beer can) may completely bar you from accessing your typing-rhythm-protected account (read that somewhere a few years ago). I'm guessing even a minor hand or finger injury will probably change your handwriting as well.

Post-its to become banned (1)

FryingDutchman (891770) | more than 7 years ago | (#19716669)

Anyone could look down at the desk, around the keyboard, or under the phone at the multitude of "Interview @ 4:30, 242-977-6443" and crack that one. You'd be better off having the user pick their signature, at least most people keep their signed documents in a drawer.

Good (1)

jshriverWVU (810740) | more than 7 years ago | (#19716729)

While I don't like this for security purposes, but if this is 100% accurate we are one huge step forward in the art of OCR. As a Project Gutenberg volunteer, I can't wait for the day when I can scan something and OCR will get it 100% correct. 1 l 0 O etc.

Weak. (1)

DarkRecluse (231992) | more than 7 years ago | (#19716751)

I just want to sign up, write something, and have the password security indicator tell me I provided weak handwriting.

Hand Writing??? (1)

popo (107611) | more than 7 years ago | (#19716781)

How quaint. Seriously, I can't remember the last time I wrote by hand.

Good. (1)

morari (1080535) | more than 7 years ago | (#19716857)

A new online authentication system called Dynahand could make logging in to websites a little easier.
I've always found that quickly typing in a six character password to access simple websites was far too difficult.

Use photos (1)

bytesex (112972) | more than 7 years ago | (#19716905)

Just make an institution that wants to verify you, send you cut-outs of faces of several hundreds of family pictures that you've taken over the years. The pictures should be analog and old, so that they won't have been on a facebook-like site. Also, have them make you write a random story, in pen, the individual sentennces of which will be presented back to you. Mix everything up with everything else, distort a little, and present back to the user when they want to log in. Postfix with user-chosen password and small-device based challenge-response. Separate actions with separate verifications. Should all in all take almost half an hour now, but verified you are !

School hands (1)

kahei (466208) | more than 7 years ago | (#19717011)


Well, I can't write. I did my degree before they had word processors (or at least before they were ubiquitous) and for that I learned to handwrite and then immediately forgot. When I want to write 'CAT' I have to think about how I'm going to make the A -- sometimes I make it an upside down U with a line, sometimes it's more like a capital delta. I know I'm not alone(*).

My wife has a much worse problem, though. She was taught to write according to an exact model, with iron-hard discipline and years of training. Every single person who learned to write in her town in that decade uses EXACTLY the same writing.

If only there were some way to authenticate based not on something which changes even when you don't want it to (like how you write), nor on something that can't be changed even when you need to (like your fingertips). If only we could use some kind of mental trace that the user is aware of but that nobody else can perceive -- maybe a word or other sequence of symbols stored in the actual brain itself.

That'd rock. But the technology is probably decades away.

(*)In terms of handwriting. Spiritually, I may well be alone... so very very alone... *bursts into tears at desk*

Not so good (1)

sjames (1099) | more than 7 years ago | (#19717537)

Let's see, not content with excluding only the blind, they have also decided to exclude those who can't use their hands, those with a more or less random tremor, and those of us who never write anything quite the same way twice.

They should try MY new authentication scheme. It displays a randomly generated question and based on your answer chooses exactly which insulting message to return before refusing access. Nobody will ever break in! It excludes everyone equally so you don't face a discrimination suit. Finally, now that everyone is locked out, it saves the trouble of actually implementing anything else. I'll call it SuperUltraMegaWeb 3.0 That should get the vc rolling in!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>