Slashdot: News for Nerds

Graffiti as Password - Secure and Memorable

Zonk posted more than 6 years ago | from the crouching-tiger-hidding-content dept.

Security 76

Al writes "A group from Newcastle University has released work that significantly improves the Draw-A-Secret method of creating passwords. The basic concept behind Draw-a-Secret is that humans excel at image recognition and memory, so 'passwords' should be designed to leverage that ability. The people behind the new work have refined the technique by parsing the shapes with a flexible grid and using existing images as a background to reinforce memory of the password. Imagine having your password be a graffiti-laden alteration of your favorite politician's campaign photo..."

76 comments

More secure, less useful. (3, Insightful)

srollyson (1184197) | more than 6 years ago | (#21233347)

It's tough to imagine hand-drawn passwords becoming much more popular than USB fingerprint readers. True, they increase security over standard text passwords, but how am I supposed to give a throwaway password to a coworker so that he can use my machine while I'm on vacation? The only thing that would make this more ubiquitous than fingerprint readers is the fact that you can use pre-existing touch screen or stylus interfaces as described in the article. In my opinion, this technology won't be able to fill the needs of anything more than a niche market. Nor will people need more than 640K RAM.

Re:More secure, less useful. (1)

Ragein (901507) | more than 6 years ago | (#21233469)

I see the point, but come on, how many of us actually have a touchscreen on ALL of our web browsing devices? This idea is a non-starter unless it will upgrade my macbook into a tablet.

Re:More secure, less useful. (5, Informative)

vertinox (846076) | more than 6 years ago | (#21233685)

True, they increase security over standard text passwords, but how am I supposed to give a throwaway password to a coworker so that he can use my machine while I'm on vacation?

Um... Not to side track. That is just a bad security practice. If you need to give your coworker rights to your computer, you give him rights to log into that work station with his name and password.

If he needs to get to your profile or files, then you simply give him the same permissions to access those files. In a windows environment, I would add him to the users so he could log into the machine locally and then set folder permissions to read/write to C:\document and settings\(my profile). On a Mac, I would give him read/write to my home directory. (Of course I don't trust my coworkers that much so I'd put the files they need access to in a single shared folder and let them have at that)

Of course you need to be on a domain of sorts and/or have rights to modify permissions on the files and folders that you own.

If you don't have the permissions to do so (which means IT security doesn't trust you), then I suspect your IT security would beat you with a large 2 by 4 if they found out you gave your password to a coworker.

Re:More secure, less useful. (1)

srollyson (1184197) | more than 6 years ago | (#21233765)

Um... Not to side track. That is just a bad security practice. If you need to give your coworker rights to your computer, you give him rights to log into that work station with his name and password.
That's a good point. I'll admit, I've only done this once and I should probably be slapped for my laziness.

Re:More secure, less useful. (0)

Anonymous Coward | more than 6 years ago | (#21234115)

IT security would beat you with a large 2 by 4 if they found out you gave your password to a coworker.
I didn't know 2 by 4's could be found in "small" or "large" sizes.

captcha: contact. Indeed.

Re:More secure, less useful. (4, Funny)

Anonymous Coward | more than 6 years ago | (#21234517)

Someone invented a third dimension a few years ago.

Re:More secure, less useful. (0)

Anonymous Coward | more than 6 years ago | (#21235631)

So that's what that large disturbance in space time was, and I was beginning to wonder where my feet disappeared to when I put them out in front of myself.

Re:More secure, less useful. (2, Insightful)

forkazoo (138186) | more than 6 years ago | (#21234467)

Um... Not to side track. That is just a bad security practice. If you need to give your coworker rights to your computer, you give him rights to log into that work station with his name and password.


I don't disagree that the OP was suggesting bad practice. But, whether you are giving them the password for your account or for their own, you still need to allow somebody a way to initially authenticate, so they can pick something of their own. How exactly do you say, "Hey bob, I've set up an account for you, you can log in with the username bsmith, and the passdoodle... ummm... well, you sort of color in the bird, then outline a house over on the left, and..."

Re:More secure, less useful. (1)

diskis (221264) | more than 6 years ago | (#21234621)

You are now assuming that the entire authentication process stays unchanged, and why would it with something completely new? How about an authentication server? Bob logs in on your computer. Your computer sends Bob's doodle to the authentication server which replies if it is Bob or not. Let Bob log in with his own doodle, associated with his account.
That's not even a new technology, Kerberos works kinda that way.

Re:More secure, less useful. (1)

forkazoo (138186) | more than 6 years ago | (#21236173)

You are now assuming that the entire authentication process stays unchanged, and why would it with something completely new? How about an authentication server? Bob logs in on your computer. Your computer sends Bob's doodle to the authentication server which replies if it is Bob or not. Let Bob log in with his own doodle, associated with his account.
That's not even a new technology, Kerberos works kinda that way.


Yes, I've managed NIS and Windows domains, so I'm aware of the idea of an auth server. But, my question remains. How do you "tell somebody their initial password" when their account is first created? It makes no difference if you are creating the account on a specific workstation, or on a server controlling access to a whole network. It seems like the only practical way to do this is to have the admin actually sitting with the new user when the account is created so that they can create their own doodle. Seems like an administrative annoyance. The only alternative is to let somebody login initially with a traditional password, and then ask them to change their authentication settings to the passdoodle mode after they are logged on. (And, you just have to trust your users to take the time to do that when they are eager to start getting something done.)

I guess you could force the second option, and have the ability for an administrator to reset a password but tick a box for "user must create passdoodle on first login," which forces the user through the steps before they can do anything else. That seems like the only way for something like this to catch on in any kind of Enterprise setting.

Re:More secure, less useful. (0)

Anonymous Coward | more than 6 years ago | (#21239579)

It seems like the only practical way to do this is to have the admin actually sitting with the new user when the account is created so that they can create their own doodle. Seems like an administrative annoyance.
Yes it is an annoyance, but all security adds inconvenience. The admin that is present when the user does not have to be IT staff, rather they could be a member of management with the privileges to perform that step after the account is created. When I worked in a bank, I think IT set up my account, but a member of management had to activate my smart card where I entered a PIN code for it. It is an annoyance, but it is perfectly workable doing this for Enterprise.

Re:More secure, less useful. (1)

tgd (2822) | more than 6 years ago | (#21245919)

The same way you do if you are doing biometric or prox authentication in a situation where there aren't usernames/passwords -- you enroll at an enrollment station with an alternate proof of identity (which could be an employee badge shown to a real person, a single-use PIN mailed to your house or a slew of other methods)

This isn't uncommon.

Re:More secure, less useful. (1)

complete loony (663508) | more than 6 years ago | (#21237239)

And what specifically is on your workstation that is so vital to the company that you need your coworker to use your machine to have access to it? Why isn't it already reachable on the network and backed up remotely?

Re:More secure, less useful. (1)

JDHowells (1139317) | more than 6 years ago | (#21238979)

Do you hand your fingertip to your colleague when you go on vacation? As difficult as giving him your hand drawn password would be, it might still be easier than spending your time looking like you annoyed the Yakuza.

Re:More secure, less useful. (1)

corpsmoderne (1007311) | more than 6 years ago | (#21240453)

It's tough to imagine hand-drawn passwords becoming much more popular than USB fingerprint readers. True, they increase security over standard text passwords, but how am I supposed to give a throwaway password to a coworker so that he can use my machine while I'm on vacation?
When was the last time you let one of your fingers to a coworker while you're on vacation?

Dupe (1, Informative)

damaki (997243) | more than 6 years ago | (#21233349)

http://it.slashdot.org/article.pl?sid=07/11/01/2241246 [slashdot.org]
Nothing to see, move along.

Dupe as password! (3, Funny)

EmbeddedJanitor (597831) | more than 6 years ago | (#21233563)

That wouldn't be secure would it?

Not a dupe (5, Informative)

phaunt (1079975) | more than 6 years ago | (#21233635)

No, this is not a duplicate, but an improvement on the Draw A Secret technology discussed there, as is stated in the summary:

The people behind the new work have refined the technique by parsing the shapes with a flexible grid, and using existing images as a background to reinforce memory of the password.
This as opposed to the DAS technology, that uses a rigid grid and a user-drawn background image.

Re:Not a dupe (2, Informative)

damaki (997243) | more than 6 years ago | (#21233671)

From the previous article:

By superimposing a background over the blank DAS grid, the Newcastle University researchers have created a system called BDAS: Background Draw a Secret. This helps users remember where they began the drawing they are using as a password and also leads to graphical passwords that are less predictable, longer and more complex.

Re:Not a dupe (1)

phaunt (1079975) | more than 6 years ago | (#21233711)

I stand corrected; I was under the impression that their background image was user-drawn, but in fact it wasn't.

However, in that article [ncl.ac.uk], there is no mention of a flexible grid; in this one [arstechnica.com], there is.

Re:Dupe (1)

failedlogic (627314) | more than 6 years ago | (#21235393)

Let's remove the dupe tag. Replace it with Short-Term Memory.

Myspace crackers would love this (5, Interesting)

antifoidulus (807088) | more than 6 years ago | (#21233417)

odds are the password of a 14 year old boy would be a spacegun, so that pretty much gives you control of half the accounts on there :P

Re:Myspace crackers would love this (2, Funny)

Aesir1984 (1120417) | more than 6 years ago | (#21233527)

Spacegun? Having been a 14 year old boy at one point I can tell you the password would be a picture of an attractive, scantily clad woman. Actually that would probably still apply today...

Re:Myspace crackers would love this (0)

Anonymous Coward | more than 6 years ago | (#21234613)

Maybe this type of password is not such a good idea after all considering the number of us that I now realize have this same password.

Re:Myspace crackers would love this (5, Funny)

tweak13 (1171627) | more than 6 years ago | (#21233557)

odds are the password of a 14 year old boy would be a spacegun
Is that what the 14 year old kids are calling it these days?

Spacegun ? Start with lower complexity form (1)

aepervius (535155) | more than 6 years ago | (#21238147)

Like star or heart or circle, or square. Ever wondered why mentalist magician acts work so wonderfully when they ask the public to choose a shape? That's because most people will always choose the same shape. I am not sure if you increase or decrease the security because the dictionary attack would be easier (a few forms that many people would use) but the possibility for each form would be higher than a simple lower case/upper case...

People are forgetting something (3, Interesting)

gilesjuk (604902) | more than 6 years ago | (#21233503)

Firstly, passwords are used a lot on the web. Having a password system where you have to draw limits the use of websites when using a mobile device.

Secondly, if people can't see they can't easily use a system where you draw.

Other problems are what language or plugin do you use? flash, java?

You also have to store this information in a database in some form. These methods prevent brute force attacks but won't stop people using SQL injection and other exploits.

Re:People are forgetting something (1)

damaki (997243) | more than 6 years ago | (#21233633)

Secondly, if people can't see they can't easily use a system where you draw.
It does not seem to prevent captchas from popping everywhere, then it should not make a difference to deliberately ignore blind people some more.

Re:People are forgetting something (0)

Anonymous Coward | more than 6 years ago | (#21235129)

Why would a blind person be surfing the net in the first place?
Stupidity is the root of all evil.

You must be as evil as they come. STOP posting fisting stories on slashdot.

Touch screen (1)

tepples (727027) | more than 6 years ago | (#21234303)

Having a password system where you have to draw limits the use of websites when using a mobile device.
O RLY? Nintendo DS has a touch screen. Pocket PC and Windows Mobile Smartphone have a touch screen. Apple's iPhone has a touch screen.

Secondly, if people can't see they can't easily use a system where you draw.
Nor can they use the visual CAPTCHA next to it. Any business subject to the Section 508 requirements (or foreign counterparts) will install an alternative authentication mechanism and make it available to anybody who provides proof of disability.

Other problems are what language or plugin do you use? flash, java?
What about HTML 5 Canvas [whatwg.org] with a fallback to one of the above?

These methods prevent brute force attacks but won't stop people using SQL injection and other exploits.
SQL injection? What's that? Or are people still using plain old string concatenation to form database queries rather than building a query with placeholders and then passing it parameters?

Re:People are forgetting something (1)

westlake (615356) | more than 6 years ago | (#21234735)

if people can't see they can't easily use a system where you draw.

it's a problem for those who have arthritis, Parkinson's Disease, and so on.

strong passwords are difficult to remember. complex procedures are difficult to repeat.

the more tolerant the drawing program becomes, the less likely it is to provide significantly more security than a fingerprint reader.

and a fingerprint reader doesn't have to be quite so naive and vulnerable as those demonstrated on Mythbusters

Re:People are forgetting something (1)

ascendant (1116807) | more than 6 years ago | (#21235849)

You are looking at this from the wrong direction. I'm thinking the best place for this security measure would be a local setting. You could draw your pass on a PDA you own, or show it off as a cool way to get root on your new desktop linux. Anyway, I thought blind people can draw. And even if they can't, they wouldn't be looking for any PDA, now would they? They'd look for one tailored for blind people. Finally, if it's local, the language doesn't matter anymore. I thought it would be obvious this isn't useful as a login method for websites. I don't have mod points today, but I think you're flamebait. If you don't think you're flamebait, you're an idiot.

Get off my lawn! (5, Insightful)

exploder (196936) | more than 6 years ago | (#21233523)

Man, I'm tired of all these complicated new password schemes...my bank uses "security code", a "password", and an image, plus they ask you personal questions that half of us don't even have a definite answer to, such as, "what was your favorite candy as a child" or "what's your favorite vacation spot?" Even if I do remember the answer, I have to remember whether I capitalized, and exactly how I typed it. What a pain in the ass. I get locked out of my bank all the time.

God dammit, just let me pick a nice strong password. I can remember passwords.

Oblig. Penny Arcade (3, Funny)

xenocide2 (231786) | more than 6 years ago | (#21235185)

What is delicious [penny-arcade.com] ?

Re:Get off my lawn! (0)

Anonymous Coward | more than 6 years ago | (#21235983)

No doubt. For online banking, my bank gives a long list of questions which are mostly non-applicable of which I have to choose not one, but three. Surely anyone who doesn't know their absentee mother's maiden name, never had need for a first car, to name its model, or never had a land-line telephone, is probably batshit crazy and doesn't use banks or computers anyway, favoring stuffing their cash in the mattress and eating cat food. I'd seriously rather they just gave me a totally random 10-character password and not let me change it.

Easier to recognize... (0)

Anonymous Coward | more than 6 years ago | (#21233525)

... for the shoulder readers that you don't really want to remember your password^H^H^H^Hpic.

Would you remember it if you saw someone type "Ii2621tJWJ0G", or would you remember them drawing a mustache on Bush?

Enforcement Policy (5, Funny)

LiquidCoooled (634315) | more than 6 years ago | (#21233549)

You must change your graffiti drawing every 7 days and ensure you do not use the same sequence of circles squiggles strokes or triangles.
Your graffiti sketch also must be greater than a house and a tree in complexity and has to include accurate birds and sunshine bars.

Re:Enforcement Policy (2, Funny)

SEWilco (27983) | more than 6 years ago | (#21233699)

"a graffiti-laden alteration of your favorite politician's campaign photo"

Mustache is not sufficient alteration. Please redraw your password.

Re:Enforcement Policy (0)

Anonymous Coward | more than 6 years ago | (#21234911)

Whaddya know, Bob Ross was a visionary. Happy trees for everyone!

pain in the.. (3, Insightful)

Anrego (830717) | more than 6 years ago | (#21233561)

I have a hard enough time typing in my plain text password in the morning when I get into work through my one blood shot eye.

I think it would be a major pain in the ass to have to draw a picture every time I wanted to log into my computer.

Re:pain in the.. (2, Funny)

DarkIye (875062) | more than 6 years ago | (#21233661)

...my one blood shot eye.

'Type in your password'? Why would a sheep farmer need to do that?

(Oh, god, I hope the moderators get this one.)

Not as secure, IMO (5, Interesting)

rustalot42684 (1055008) | more than 6 years ago | (#21233581)

What happens when the person next to you looks and sees what you're drawing? The advantage of text-based passwords is that you can have them as stars or whatever onscreen. And if the users are unwilling / too stupid to make secure passwords (with numbers/letters/symbols), a drawing isn't going to be fundamentally more secure anyways, it's just a gimmick.

Re:Not as secure, IMO (1)

kc2keo (694222) | more than 6 years ago | (#21233927)

I suppose in place of the stars while typing you could have it show maybe a bunch of tux penguins then if the pass validates against the right one then it logs you in... probably stupid thought but that is what I can think of at the moment.

huh? (3, Insightful)

religious freak (1005821) | more than 6 years ago | (#21233619)

I still don't get how these things are supposed to work, really. So you can draw a picture of graffiti and that's your password?

What if I can't draw?
How can you obscure this while "entering your password"? Seems like it'd be a lot easier to see than what someone is doing on a keyboard.
How much is the extra hardware going to cost and would the business want to pay for it?
Why not just do fingerprint recognition?
etc, etc...

doesn't address the big problem with security (0)

Anonymous Coward | more than 6 years ago | (#21233653)

people are morons. it's not the password, it's the users. while it's great that password security is being updated it's simply not going to prevent most issues.

I'd say less secure (4, Insightful)

Kabuthunk (972557) | more than 6 years ago | (#21233833)

I can't see how it's more secure. I'm sure many, many passwords will just be some random part of the background, like the bird or a tree, just coloured in.

Also... if we're so much better at remembering images, then one just has to glance at the screen someone is drawing on and then whoops... looks like they remember it too now.

Re:I'd say less secure (1)

PK077295 (1163951) | more than 6 years ago | (#21240009)

Agreed, and I wonder how long is the average time it takes to draw a graffiti, compared to typing 30 letters password... If it's pre-drawn and user need only choose, those brute forcers will be very happy. =/

Memorable? (3, Interesting)

Bieeanda (961632) | more than 6 years ago | (#21233915)

I don't know about anyone else, but even my signature tends to shift a bit every time I jot it down to take a delivery or acknowledge a credit card payment. Even something as simple as a circle is going to throw no-match errors, unless the system's got a lot of built-in leeway for curves and squiggles that aren't in precisely the right spot.

Re:Memorable? (2, Insightful)

westlake (615356) | more than 6 years ago | (#21237639)

I don't know about anyone else, but even my signature tends to shift a bit every time I jot it down to take a delivery or acknowledge a credit card.

This is the classic way of detecting a forgery. If two signatures are identical, one has to be a tracing. Any kid who was reading The Hardy Boys or Nancy Drew in the 'thirties would have been exposed to the idea.

Re:Memorable? (0)

Anonymous Coward | more than 6 years ago | (#21248531)

It's also obvious to tell if the signature is of a *different name* to the sample (e.g. back of credit card).

While rather inebriated one evening, I lent my debit card to a friend to get the next round. He ordered the drinks, and they accepted the card, even though he forgot (as he was a little soused as well) he was using mine and signed his own name!

Re:Memorable? (1)

jansenlu (1184525) | more than 6 years ago | (#21239697)

I share the same problem as well. It's hard to associate graffiti to something I can easily remember and repeat well.

Works for me. (1, Funny)

Ralph Spoilsport (673134) | more than 6 years ago | (#21233961)

On one site, there's a picture of George Bush, I type ASSHOLE, and I'm in like flint.

Really easy to remember!

RS

Re:Works for me. (0)

Anonymous Coward | more than 6 years ago | (#21234545)

What about "monkey", "chimp", "ape", "idiot", "retard", "drunk", "cokehead", etc?

Universal Access (3, Insightful)

ddrichardson (869910) | more than 6 years ago | (#21234809)

This system doesn't lend itself to those with visual impairment very well. In fact, having recently injured my right hand I have had difficulty writing, yet a fingerprint reader is still perfectly usable.

nigpga (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21234895)

It. Its mmision is to have to decide the project to for election, I

Done and Done (4, Funny)

Sir_Brysonic (822946) | more than 6 years ago | (#21235239)

I just finished changing all of my passwords to "Graffiti". I'd better tell my friends to do the same!

Locked out (1)

Joebert (946227) | more than 6 years ago | (#21235469)

The password to your porn collection is your porn collection ?

Brilliant !

Re:Locked out (0)

professional_troll (1178701) | more than 6 years ago | (#21237317)

Now you have a valid excuse to learn how to draw naked men. Good on you!

Re:Locked out (1)

Joebert (946227) | more than 6 years ago | (#21237609)

For the last time, Hillary Clinton is NOT a man !

Re:Locked out (0)

professional_troll (1178701) | more than 6 years ago | (#21237941)

If Bill had to resort to being a chubby chaser... Just saying...

Signature... (1)

aqsalter (601218) | more than 6 years ago | (#21236531)

So a signature still remains the best way to individually identify someone?

wait what? (0)

Anonymous Coward | more than 6 years ago | (#21236625)

Why the hell has the word graffiti been used?
It's completely the wrong word to use. Graffiti is stuff drawn/painted etc. where it's not meant to be. Are they trying to make the project more street? Or because you have to draw your picture password with an etch mop while evading the police? I know they said it's akin to drawing graffiti but just that makes no sense to me.

(I personally cross over between geekery and graff but I doubt anyone else here does)

Re:wait what? (1)

AgentSmith (69695) | more than 6 years ago | (#21246229)

Graffiti, eh? In that vein, then the input device will be a virtual spray can.

Yo vato! I gunna login to my PC. Check it, my dope password!
*Pssht* *Pshhhhht* *Psssssssssssssssssssssssssssht*

Really.
Default passwords could be simple shapes like circles and triangles.
No need to see a screen.

Complex and strong passwords are more complex drawings.
A touchpad sensor could sense that certain coordinates are contacted in a sequence.
Throw in a margin of error, so people aren't directly duping your password sketch.

Another way to do this could be touch glyphs.
Your password is like playing Simon.
Circle Circle Circle Diamond Square. Bzzzzzttt!
I would say colors, but color blind folks would get the shaft on that one.

Display: Press the Red Key.

Color Blind person: I don't know ya bastard! There is no Red key, but there is a green. [PRESS GREEN]

Display: Bzzzzt!

Although, Touch pad sensors would also have to be durable. Ever know the heartbreak of trying
to sign your name on a digital screen at the supermarket or store? The screen is scratched
to hell and back, and it doesn't recognize your name even if you used 300psi to write it.
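A sketch of the "coordinates contacted in a sequence, with a margin of error" idea from the comment above, added here as an example and not taken from the thread or from the Newcastle work. It assumes a fixed 5x5 grid over a 100x100 touchpad (all names and sample strokes are constructed) and shows that the cell size is the tolerance, so a wobble inside a cell still matches while one point drifting over a grid line does not.

```python
import hashlib
import hmac

GRID = 5            # assumed 5x5 grid
SIZE = 100.0        # assumed square pad, coordinates 0..100
PEN_UP = (-1, -1)   # marker appended when the pen is lifted

def encode(strokes, grid=GRID, size=SIZE):
    """Turn strokes (lists of (x, y) points) into the sequence of grid cells entered."""
    cells = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            cell = (min(int(x / size * grid), grid - 1),
                    min(int(y / size * grid), grid - 1))
            if cell != last:        # record a cell only when the pen enters it
                cells.append(cell)
                last = cell
        cells.append(PEN_UP)
    return cells

def digest(strokes, salt):
    """Salted, stretched hash of the cell sequence; the drawing itself is never stored."""
    data = ";".join(f"{cx},{cy}" for cx, cy in encode(strokes)).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def verify(strokes, salt, stored):
    """Constant-time comparison of the attempt's digest with the enrolled one."""
    return hmac.compare_digest(digest(strokes, salt), stored)

# Constructed sample input: an enrolled drawing and two later attempts.
SALT = b"constructed-salt"
ENROLLED = [[(10, 10), (30, 12), (50, 15)], [(50, 50), (50, 70)]]
WOBBLY = [[(12, 8), (33, 14), (55, 11)], [(52, 48), (47, 72)]]     # stays in the same cells
NEAR_EDGE = [[(10, 10), (30, 21), (50, 15)], [(50, 50), (50, 70)]]  # one point crosses y=20
STORED = digest(ENROLLED, SALT)

if __name__ == "__main__":
    print("wobbly attempt accepted:", verify(WOBBLY, SALT, STORED))
    print("near-edge attempt accepted:", verify(NEAR_EDGE, SALT, STORED))
```

Because only a hash of the cell sequence is kept, the match is exact: tolerance comes entirely from the grid, which is why strokes drawn close to a grid line are the ones that fail to reproduce.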

Mouse ? (1)

garphik (996984) | more than 6 years ago | (#21237395)

What would be the input device? Mouse... if so, most people will spend a long time trying to log in.

Missing the point, people (1)

darealpat (826858) | more than 6 years ago | (#21237799)

Most comments are missing the "point" made in the end of the article about mobile devices, which IMHO means that this "technology" is better suited for that type of device, NOT "regular" computer terminals. Perhaps not even ATMs at this time because shoulder surfers will probably remember your password easier too. For those who use mobile devices as an integral part of their job (accessing databases, records, etc.), this technology makes sense.

You mean something like This??..... (0)

darkonc (47285) | more than 6 years ago | (#21238645)

Imagine having your password be a graffiti-laden alteration of your favorite politician[']s [flickr.com] campaign photo..."


Cha de Bugre (0)

Anonymous Coward | more than 6 years ago | (#21249147)

I'm a fan of the graffiti because I'm an old school graffiti artist myself. My specialties were the peace sign, just the word "The Who", the backwards swastkicker, I'd draw the Road Runner, just the word "The Who", Repent 13, just the word "The Who". Those types of things.