Security

Recognizing Your Own Handwriting As A Password 151

Gary writes "A new online authentication system called Dynahand could make logging in to websites a little easier. With Dynahand, users simply identify their own handwriting, instead of entering a cryptic password or buying a biometric device to scan their fingerprints. The user's handwriting samples contain only digits, since numerals are harder for an outside party to recognize than letters are. The digits displayed are random, so the handwriting is the only clue to the correct answer."
  • Brute Force? (Score:3, Insightful)

    by micksam7 ( 1026240 ) on Monday July 02, 2007 @08:48AM (#19715945)
    This would make brute-forcing a password a little easier.

    An attacker could simply select a hand writing at random till they get the right one.

    TFA doesn't say anything about that.
  • Re:Brute Force? (Score:5, Insightful)

    by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Monday July 02, 2007 @08:57AM (#19716029) Journal
    Why bother? My desk is covered with my clearly recognizable scrawl, and most of it is numeric just to add insult to injury.

    While the idea of a system that depends on recognition is interesting (though in my mind, not terribly secure for the exact reason you stated), handwriting is probably the poorest example because we leave handwriting samples everywhere. It'd be much more secure to have the system be "Recognize a picture of your own genitalia" because at least then you only have to worry about former significant others...And hell, for this crowd, you don't even have to worry about that.
  • by pzs ( 857406 ) on Monday July 02, 2007 @08:58AM (#19716037)
    Passwords actually strike me as quite a good security method. A good password is difficult to guess by a person or by a machine and is very simple to implement, leaving less margin for error in the technology.

    I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.

    Peter
  • by chiark ( 36404 ) on Monday July 02, 2007 @08:59AM (#19716045) Homepage Journal
    1. It's a shared secret. That's all. I was going to say "no better, no worse", but actually it's made significantly worse by being multiple choice.
    2. Doesn't prevent MITM in any way whatsoever

    Now the biometric of someone's typing rhythm strikes me as a good thing, along with "PC fingerprinting" and trend analysis, but this suggestion is significantly worse than what we already have available on the market.

    "3/10 - see me" would be my mark for this particular gem.
  • by janneH ( 720747 ) on Monday July 02, 2007 @09:00AM (#19716073)
    What, now I have to bring a typewriter every time I go to the restaurant - to fill in the tip and total?
  • Re:Bad idea (Score:3, Insightful)

    by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Monday July 02, 2007 @09:03AM (#19716111) Journal
    I could quite easily recognize my own...But so could anyone else who has ever seen it. Then there are those people with bland, unmemorable handwriting...How would you pick your handwriting out of a crowd when your handwriting looks like handwriting is supposed to look?

    Additionally, the number of samples would have to be constrained to what a normal person could be expected to go through, so the odds of someone being able to guess it are huge. I mean, I could set my password to the crappy "Guess,15" and it would take millions of brute force guesses to figure it out, as opposed to checking 20 something handwriting samples.
  • by Mock ( 29603 ) on Monday July 02, 2007 @09:16AM (#19716229)
    Here's how you crack it:

    1. generate a bunch of new sessions to the login page.
    2. Identify samples that appear more often than others.
    3. Recognize the handwriting style.
    4. Log in.
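
The decoy-selection weakness raised in the comment above, modelled as an added example (not code from the article or from Dynahand) that compares fresh random decoys per session with a decoy set pinned to the account. Assumptions: each login screen shows the owner's writing plus decoys, each writer's style is reduced to a constructed ID, and the pool and screen sizes are made up.

```python
import random

OWNER = "writer-000"  # constructed ID standing in for the account owner's style


def make_challenge(decoy_pool, n_choices, rng, fixed_decoys=None):
    """Return the writer IDs shown on one login screen, in shuffled order."""
    if fixed_decoys is None:
        # Weak policy: new decoys are drawn for every session.
        decoys = rng.sample(decoy_pool, n_choices - 1)
    else:
        # Hardened policy: the same decoys are always shown for this account.
        decoys = list(fixed_decoys)
    shown = [OWNER] + decoys
    rng.shuffle(shown)
    return shown


def surviving_candidates(challenges):
    """Writers present on every observed screen, i.e. not yet ruled out."""
    survivors = set(challenges[0])
    for shown in challenges[1:]:
        survivors &= set(shown)
    return survivors


def simulate(sessions, n_choices=10, pool_size=500, fixed=False, seed=1):
    """Observe `sessions` login screens and return the remaining candidates."""
    rng = random.Random(seed)
    pool = [f"writer-{i:03d}" for i in range(1, pool_size)]
    fixed_decoys = rng.sample(pool, n_choices - 1) if fixed else None
    challenges = [
        make_challenge(pool, n_choices, rng, fixed_decoys)
        for _ in range(sessions)
    ]
    return surviving_candidates(challenges)


if __name__ == "__main__":
    print("fresh decoys :", len(simulate(10, fixed=False)), "candidate(s) left")
    print("pinned decoys:", len(simulate(10, fixed=True)), "candidate(s) left")
```

Pinning the decoys keeps the observer at the original one-in-ten guess, so the scheme still needs attempt limiting on top of it.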
  • Re:Brute Force? (Score:5, Insightful)

    by necro81 ( 917438 ) on Monday July 02, 2007 @09:19AM (#19716261) Journal
    From parent post's link:

    Renaud doesn't think Dynahand is secure enough for protecting sensitive information, such as bank accounts or health records. Rather, she believes it could be useful for social sites, where a user wants her account to be private but where nothing disastrous would happen if someone broke into it.
    The folks at Dynahand obviously don't know how bad hijacking someone's social network identity could be. While not as sensitive as banking or medical information, access to one's online profile is a pretty sensitive thing. A person pretending to be you on MySpace or Facebook could cause all kinds of damage to your reputation, lose you (real) friends, and leave an incriminating trail for any future employer to find. Even if you are able to regain control of your account via customer service, and could remove the offending material from your page, nothing is ever really deleted from the Internet.
  • Re:Brute Force? (Score:2, Insightful)

    by morgan_greywolf ( 835522 ) on Monday July 02, 2007 @10:22AM (#19717037) Homepage Journal
    What's a password? 7 or 8 picks out of, at most, 52 letters, 10 digits, and 22 symbols, right? 7 or 8 picks out of 84 possibles. If you want it as secure as a password, you just need 84 possibles, right?
  • by Jah-Wren Ryel ( 80510 ) on Monday July 02, 2007 @11:04AM (#19717579)

    I know, I know, people forget their passwords or choose the word "password" all the time. It still seems a little depressing that we have to use all this extra trickery to compensate for people being morons.
    Users aren't always just morons. I know a person who has to keep track of 9 unique passwords with at least 3 different usernames, most of which are used once a week or less. All the systems have minimum length and complexity requirements, 90-day expiration and permanent lock-out if an account gets just three failed logins in a row. In his case it is potentially a go to jail offense to write down these passwords ANYWHERE, even in some sort of encrypted form.

    In cases like that, the real morons are the people pushing their authentication complexity onto the users, not the users themselves.
  • by pz ( 113803 ) on Monday July 02, 2007 @12:14PM (#19718541) Journal
    From the article's first paragraph:

    You can't afford to be careless regarding the password coz you never know ...

    And with that, I stopped reading. Why? Because I don't have enough time to read things that aren't written in at least passable English. If someone has a good idea, and is serious about it, they'll make the effort to communicate it well or have it communicated well for them.

    Nothing to see in this article, and, by strong implication, a worthless idea.
