Recognizing Your Own Handwriting As A Password 151
Gary writes "A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. The user's handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer."
Brute Force? (Score:3, Insightful)
An attacker could simply select a hand writing at random till they get the right one.
TFA doesn't say anything about that.
Re:Brute Force? (Score:5, Insightful)
While the idea of a system that depends on recognition is interesting (though in my mind, not terribly secure for the exact reason you stated), handwriting is probably the poorest example because we leave handwriting samples everywhere. It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...And hell, for this crowd, you don't even have to worry about that.
Sometimes, simple is best (Score:5, Insightful)
I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.
Peter
Totally utterly useless on 2 counts (Score:3, Insightful)
2. Doesn't prevent MITM in any way whatsoever
Now the biometric of someone's typing rythm strikes me as a good thing, along with "PC fingerprinting" and trend analysis, but this suggestion is significantly worse than what we already have available on the market.
"3/10 - see me" would be my mark for this particular gem.
have to hide my hand writing? (Score:5, Insightful)
Re:Bad idea (Score:3, Insightful)
Additionally, the number of samples would have to be constrained to what a normal person could be expected to go through, so the odds of someone being able to guess it are huge. I mean, I could set my password to the crappy "Guess,15" and it would take millions of brute force guesses to figure it out, as opposed to checking 20 something handwriting samples.
What a stupid concept (Score:5, Insightful)
1. generate a bunch of new sessions to the login page.
2. Identify samples that appear more often than others.
3. Recognize the handwriting style.
4. Log in.
Re:Brute Force? (Score:5, Insightful)
The folks at Dynahand obviously don't know how bad hijacking someone's social network identity could be. While not as sensitive as banking or medical information, access to one's online profile is a pretty sensitive thing. A person pretending to be you on MySpace or Facebook could cause all kinds of damage to your reputation, lose you (real) friends, and leave an incriminating trail for any future employer to find. Even if you are able to regain control of your account via customer service, and could remove the offending material from your page, nothing is every really deleted from the Internet.
Re:Brute Force? (Score:2, Insightful)
Re:Sometimes, simple is best (Score:4, Insightful)
In cases like that, the real morons are the people pushing their authentication complexity onto the users, not the users themselves.
Nothing to see here ... (Score:5, Insightful)
You can't afford to be careless regarding the password coz you never know
And with that, I stopped reading. Why? Because I don't have enough time to read things that aren't written in at least passable English. If someone has a good idea, and are serious about it, they'll make the effort to communicate it well or have it communicated well for them.
Nothing to see in this article, and, by strong implication, a worthless idea.