Using Images as Passwords
TekkenLaw writes "According to this news on Reuters, MS is looking at images rather than plain old text for enhancing security. The key - images, which tend to make more of an impression on people than strings of text characters. This is especially interesting in the context of the crappy passwords story that ran on Slashdot a few days back."
So when you call support to get your lost password, will they ask you what your mother's maiden hair color was?
Users would have to be fools to "click" their password unless they are positively alone in the room. The current standard at least has masked text on screen, and the order of keys on the keyboard is VERY difficult to track even when the user is moderately good at typing.
Let's not forget that in the case of the new photo passwords, with 50% of users you would only have to know the "Lenny Bruce sequence" in their Playboy passphotos: T'n'A
~zecg.
Presentation dependent (Score:3, Interesting)
First, presentation of the image will (may) vary in different situations. The visual presentation of a password is pretty irrelevant: as long as you can understand and input the right symbols, the font, colour, size etc. in which they are presented isn't relevant. On the other hand, an image must look substantially like the crib image. Sounds obvious, but consider differences in resolution, colour depth etc. You can divide the image into regions (a grid, perhaps) but ultimately there will be a limit to the resolution of the grid that you can rely on (not to mention input errors limiting the viable grid resolution.) To get more possible regions, you'd need a plain bigger image to get around the input resolution issue. All of which complicates the implementation (of course, you could break each image down semantically somehow, but that sounds like a further adventure altogether.)
And, after all that, people may turn out to have pattern preferences that are "as crappy" as poorly chosen passwords? Always use a photo of your daughter and click on both eyes and outline her cute smile? Ooops. Use your country flag and click where regions of colour meet?
Re:Three Words (Score:2, Interesting)
Yes, Johnny Mnemonic.
You stole my post as I was trying to remember the name of the movie, lol. This was really cool though. For anyone who doesn't know, Johnny (played by Keanu Reeves) is an information courier. He had information uploaded into his mind (needed some sort of implant, I can't completely recall) and then they randomly grabbed 3 screen shots off of the TV from random channels. One copy was kept for the initiators of the carry, another was faxed (tried to be faxed) to the recipient. The screen shots were used to retrieve the information as a password. Very cool.
apparent problems... (Score:1, Interesting)
Problem is that this has nothing at all to do with how you actually pull out that memory. I mean, having this strong kinesthetics allows you to keep that password in your head, but it does nothing for pulling it out (unless you always use the same password... more on this later)
What triggers that memory really has to be one of four things: a sound, an image, a phrase (written), or a touch. That's not true, at least with me (functional keyed-retrieval), but most people at least fall into those four.
This is a cue that your mind uses to pull out those memories at the appropriate moment. The feedback starts and you can whip out your password completely automatically, right?
Some "realistic solutions" to these problems include: biometrics - which don't require any memory, single login - which limit the number of cues needed, asymmetric key - which relies on math, etc, etc.
I say "realistic" because people have used them and they do work. They don't affect that memory pathway in and of itself, but instead rely on more durable pathways (e.g. outside of the person :) )
Unrealistic methods? Pictorial passwords. Besides the obvious that they're useless to the blind, many (dare I say most? nah, I couldn't find those numbers) people lack a visual eidetic. This means that they're very easy to confuse with similar images - because they cannot be used as triggers for their memory- They simply cannot remember seeing that.
Surely, they can remember the memory of seeing, or the act, maybe if they described it to themselves (common: turning a visual cue into an audio one, but this is time consuming and rarely works for long) - point being, it pushes way too much emphasis on only one cue.
With our current method, I gain some visual cues; input fields on the left, on the right, a popup, etc. I also gain some functional cues (mail related? do I know these people? am I these people? was this just a test?)
I then turn all these cues into the blinding flash of realization that sends my fingertips into a frenzy typing out the appropriate login and password for wherever I'm at. (Except on Slashdot, I'm a wuss... I use cookies :D)
My cues may not be the same as everyone else's, but everyone does have cues. I think that changing the focus of what we remember is less important than changing the cues by which we do remember.
A possible drop-in solution for *nix (Score:2, Interesting)
1. Take a directory full of images, it doesn't matter if they are
find . -name '*.png' | wc -l
297
pictures. Given this, we can do some basic combinatorics (permutations of these standard pictures) for any value of 297 choose n. Using the permutation of (297 3) gives us 25,934,040 possibilities (remember the order of choosing pictures is unique). It gets even nicer at 4 (7,624,607,760). Why am I bothering with this? Let me show you a snippet of Python code:
# hex_sha.py: print the SHA-1 hex digest of everything piped in on stdin.
# hashlib replaces the old Python 2 'sha' module; reading raw bytes keeps it
# working on both Python 2 and Python 3.
import hashlib
import sys

data = sys.stdin.buffer.read() if hasattr(sys.stdin, "buffer") else sys.stdin.read()
print(hashlib.sha1(data).hexdigest())
This little beauty will compute the hex-digest of the Secure Hash Algorithm (http://csrc.nist.gov/publications/fips/fips180-1).
All you have to do to use this program is the following:
$ cat apps/kedit.png filesystems/zip.png mimetypes/widget_doc.png | hex_sha.py
066686143327A8A582E5F5333A98D6C3F1426
or, if you prefer:
$ cat apps/kedit.png mimetypes/widget_doc.png filesystems/zip.png | hex_sha.py
2C35BA8998BAAEA70008AE41E31F923142A48
Obviously, order matters. Starting from this simple building block I'm sure it wouldn't be too hard to have kdm/gdm/xdm use this alternate method. There are C libraries available (openssl) which accomplish the same feat.
In short, this can be implemented in a weekend by a skilled hacker. One could even see creative ways of assigning short characters to each picture so that clicking isn't necessary. Something along the lines of:
Actions == A
aPps == P
Devices == D
Filesystems == F
Mimetypes == M
And each subdirectory use the same method as well. So instead of catting those three files via the CLI, I could opt to type
PE == aPps/kEdit.png
MW == Mimetypes/Widget_doc.png
FZ == Filesystems/Zip.png
So I could type PEMWFZ (case shouldn't matter as we're indexing through a series of directories/files) and get my first catted line above. The second line would be PEFZMW.
The weaknesses in the algorithm described above lie in the strengths of SHA and the number of choices (I'm using 3). Since SHA's collision space is larger than (297 3), the weakness lies in the permutation. As I showed above, it's pretty damn big. Make it 4 (and all pw's become 8 characters).
Hardest part is the passwords are still gibberish-like. Or are they? Each grouping is paired in twos naturally. The password in one's mind isn't PEMWFZ, it's PE, MW, FZ. If one can visualize the picture with the grouping then there is a direct visual association. This would appeal to most hacker-types. And the non-techies can even just opt to scroll through the pictures clicking on the 3 (or 4) that comprise the password. There could even be an option displaying the shortcut keys as the pictures are being clicked in case the person can't remember one of the mnemonic groupings. This must be done in absolute secrecy should the shoulder-surfers wander by.
You guys get the idea. I'm just spewing ideas about this topic.:)
(And to others about this "dumbing-down" passwords; I think my hacker/non-hacker solution above complements both types nicely. It also gives rise to REAL passwords without having to memorize `a09GD3hz'. A complement of pictures and shortcut blocks works well within the human mind -- try it if you don't believe me. On top of this, it eliminates the possibility of people choosing 'god', 'stud', 'master' and other such obvious passwords.)
Feel free to flame my constructive brainstorming. This is
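The PEMWFZ scheme from the post above, worked through in Python 3 as an added example (not code from the original post): the letter-to-directory and letter-to-file tables are assumptions mirroring the post's mnemonic, and the image bytes are constructed stand-ins for the PNG files it cats together. It also computes the ordered-selection count the post quotes.

```python
import hashlib
import hmac

# Constructed stand-ins for the three PNG files in the post
# (real icon bytes are not on the page; any byte strings behave the same).
IMAGES = {
    "apps/kedit.png": b"\x89PNG\r\n\x1a\n kedit icon (constructed)",
    "mimetypes/widget_doc.png": b"\x89PNG\r\n\x1a\n widget_doc icon (constructed)",
    "filesystems/zip.png": b"\x89PNG\r\n\x1a\n zip icon (constructed)",
}

# Assumed mnemonic tables: first letter picks the directory (aPps == P),
# second letter picks the file inside it (kEdit == E), as in the post.
DIRS = {"A": "actions", "P": "apps", "D": "devices", "F": "filesystems", "M": "mimetypes"}
FILES = {("apps", "E"): "kedit.png",
         ("mimetypes", "W"): "widget_doc.png",
         ("filesystems", "Z"): "zip.png"}


def decode_shortcuts(code):
    """Expand 'PEMWFZ' into the ordered image paths; case is ignored as the post says."""
    code = code.upper()
    if len(code) % 2:
        raise ValueError("shortcut string must consist of letter pairs")
    paths = []
    for i in range(0, len(code), 2):
        directory = DIRS[code[i]]
        paths.append(directory + "/" + FILES[(directory, code[i + 1])])
    return paths


def image_password_digest(paths):
    """Same as `cat a.png b.png c.png | hex_sha.py`: SHA-1 over the concatenated bytes."""
    h = hashlib.sha1()
    for path in paths:
        h.update(IMAGES[path])
    return h.hexdigest()


def search_space(n_images, n_chosen):
    """Ordered choices without repetition: 297 P 3 = 25,934,040 as in the post."""
    total = 1
    for k in range(n_chosen):
        total *= n_images - k
    return total


def verify(code, stored_digest):
    """Login check: recompute from the typed shortcuts and compare in constant time."""
    return hmac.compare_digest(image_password_digest(decode_shortcuts(code)), stored_digest)
```

Because the digest is an unsalted function of a public icon set, the same digest table serves every user of the same install; a per-user salt mixed into the hash is the usual fix.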
stupid assumptions (Score:2, Interesting)
Besides, the click locations would have to be stored in terms of percentages to allow for scaling the image for display on different devices with different resolutions and still accepting the user's "password." Add in a tolerance factor since the user probably won't click the exact same spot, and look...if I display all your images so they're really tiny I can click wherever I want and login!
Re:I would choose a picture of [a keyboard] (Score:3, Interesting)
It's easy to scan and parse where the user is going to be. After all, this is done in software anyway! It makes no difference if it is done on the host computer or a remote spying box.
byte   contents
0      1  L   R   Y7  Y6  X7  X6
1      0  X5  X4  X3  X2  X1  X0
2      0  Y5  Y4  Y3  Y2  Y1  Y0
Re:Worse idea. (Score:3, Interesting)
How do you know it has not been compromised? They could be holding on to it waiting for a good time to use it. They could be logging in, copying files, but not destroying anything that you would notice.
Why is it that everyone assumes they KNOW when they have been hacked? I happen to know my boss's server password and he has no idea that I know it and he does not change it. If I so desired I can read his mail at will, read my co-workers' reviews, etc. I don't, but I can. What makes you so sure that you have not been compromised and someone isn't surreptitiously using it?
A while back I discovered one of our servers had been hacked (we discovered a root kit had been installed). We never figured out exactly how long it had been there. Could have been as long as a year, and who knows how much vital data could have been taken over that period while we were blissfully ignorant. Bottom line, don't be so ignorant, a good cracker is not likely to be noticed! You may very well have been watched for years.
Re:Lotus Notes, and social commentary (Score:1, Interesting)
Gee, that's interesting. How do you prevent shoulder surfers -- and TEMPEST, and whatever -- from grabbing your password?
In case you missed it: all I need to do is record your monitor as you type your password, sit down at the password prompt, watch the first image change on the recording, and press a key (followed by backspace) until I see the same image change. Then continue for each key until I have your whole password. Heck, the password field even shows bullets, so I can use that to make sure I stay in sync.
What a cruddy idea.