Forgot your password?
typodupeerror
Security Technology

Picture Passwords More Secure than Text 261

Posted by CowboyNeal
from the my-scribble-is-my-password dept.
Hugh Pickens writes "People possess a remarkable ability for recalling pictures and researchers at Newcastle University are exploiting this characteristic to create graphical passwords that they say are a thousand times more secure than ordinary textual passwords. With Draw a Secret (DAS) technology, users draw an image over a background, which is then encoded as an ordered sequence of cells. The software recalls the strokes, along with the number of times the pen is lifted. If a person chooses a flower background and then draws a butterfly as their secret password image onto it, they have to remember where they began on the grid and the order of their pen strokes. The "passpicture" is recognized as identical if the encoding is the same, not the drawing itself, which allows for some margin of error as the drawing does not have to be re-created exactly. The software has been initially designed for handheld devices such as iPhones, Blackberry and Smartphone, but could soon be expanded to other areas. "The most exciting feature is that a simple enhancement simultaneously provides significantly enhanced usability and security," says computer scientist Jeff Yan."
This discussion has been archived. No new comments can be posted.

Picture Passwords More Secure than Text

Comments Filter:
  • Meh. (Score:4, Insightful)

    by mingot (665080) on Thursday November 01, 2007 @07:32PM (#21205411)
    I'd have to train myself to remember the strokes to draw something with the same movements and pen lifts. Sounds like a pain in the nuts to me.
    • Easier in Asia... (Score:4, Interesting)

      by Anonymous Coward on Thursday November 01, 2007 @07:39PM (#21205493)
      You say that, but it's EXACTLY what you have to do to learn kanji or kana... or hanzi, for the Chinese.

      That's right, there's a proper way to write every one of the thousands of characters, right down to stroke order and placement.
      • Re: (Score:3, Insightful)

        by mingot (665080)
        I'll bet they'll just pick a character instead of drawing a picture.
      • Re:Easier in Asia... (Score:4, Interesting)

        by Nexx (75873) on Thursday November 01, 2007 @08:05PM (#21205769)
        Not only that, but people who learn it the "wrong" way quite often write it the wrong way throughout their lives. I experience this a lot with my parents -- the stroke order they learned is different from the stroke order I learned, so anytime I watch them write, it looks a bit odd.
        • I learned to write a few of my hiragana and katakana characters in the wrong stroke order, and native readers could tell just by glancing at my handwriting that I was doing it wrong. I concentrated much harder on this aspect when I was learning kanji, but I'm sure I still do many of them wrong.
        • the stroke order they learned is different from the stroke order I learned, so anytime I watch them write, it looks a bit odd.

          You mean, you look more elitist?
      • True, but perhaps that's one of the many reasons I'm not learning Japanese or Chinese.

        Also, I wonder what happens if you just really suck at drawing. And how long would it take to draw a picture? I don't want to spend 5 minutes recreating butterflies every time I lock my computer because I stepped away to get some water.
      • Sounds like a pain in the nuts to me.

        You say that, but it's EXACTLY what you have to do to learn kanji or kana... or hanzi, for the Chinese.
        Therefore, learning Chinese or Japanese is a pain in the nuts. Nothing to see here.
    • by khasim (1285) <brandioch.conner@gmail.com> on Thursday November 01, 2007 @07:41PM (#21205515)
      If you have to draw a picture to login, it's going to be very easy for people to see what you're drawing just by being near you.

      With typed passwords that is a lot more difficult.
      • by Karl0Erik (1138443) on Thursday November 01, 2007 @07:42PM (#21205533)
        Well, they could just cover the drawing in asterisks.

        Oh, wait.
      • by mstahl (701501)

        Really? I disagree. Though it's easy to watch someone's fingers and see which keys they're hitting, it's far more difficult to watch someone's hand and imagine exactly how they typically draw a password. Though this can't have too much subtlety to it because then no one would ever be able to remember their password exactly enough to reproduce it, it can be fine-grained enough that no one but you can draw your password like you do.

        • Re: (Score:3, Interesting)

          by fredklein (532096)
          it's far more difficult to watch someone's hand and imagine exactly how they typically draw a password.

          It's not as difficult as you think. It's a standard magicians trick to secretly watch a persons hand/pen movements and then 'magically' re-create the drawing they made.
      • by megaditto (982598) on Thursday November 01, 2007 @08:18PM (#21205871)
        Draw the goatse man. That'll teach them to spy on you!

        Now if only I could figure out how to paste that troll's ascii in here...
      • by TheGeneration (228855) on Thursday November 01, 2007 @08:23PM (#21205935) Journal
        Okay, so something like 99% of users are going to use happy faces for their drawn password. That'd be so difficult to crack.
      • by Jahz (831343)
        Well, it's the same as with signatures. Even if you see somebody sign their signature, it still remains extremely difficult to replicate what they wrote. Handwriting analysis software and forensic handwriting analysts can almost always tell a forgery from the real thing!

        Anyway, the drawing pad would most certainly *not* show the password picture while you're drawing it!! Sheesh! Do you think security researchers are that stupid?
        • SHA (Score:4, Insightful)

          by h4rm0ny (722443) on Friday November 02, 2007 @04:01AM (#21208875) Journal
          But on the subject of security, how would these passwords be stored? One nice thing with plaintext is that you never have to store anyone's actual password, only the hash of it. I suppose you could still create a hash of "1. stroke 47degrees 3%, 2, stroke 270degrees 22%" or whatever the password device spits out, but it seems to me that as this system requires a more sophisticated way of interpreting fuzzily matched movements, there might be problems with this approach or it could introduce weaknesses.

          You could use some algorithm to simplify the users drawing, rounding angles (I punned! :D ), adjusting lengths, perhaps. But this would probably have the effect of narrowing the password space making it easier to crack the passwords. I'm not an expert in this area, I'd be interested to know if they've thought about this or if anyone else knows a bit more about it.
    • I'd have to train myself to remember the strokes to draw something with the same movements and pen lifts. Sounds like a pain in the nuts to me.
      Unless you're Chinese, in which case the swollen knuckles you still have (from being swatted with a chopstick when you learned to write Chinese) will be ample reminder of how to remember stroke order.
    • by Plutonite (999141)
      Welcome to the world of pattern classification. I do not think all systems have to be implemented in the way you imply.
      • by Plutonite (999141)
        Clarification: GP statement is correct in terms of this particular implementation. I was just pointing out that although I agree it wont work and it's silly to think that people draw the same strokes every time, there are other ways to do this.
        • by penix1 (722987)
          Well, the TFS starts off with a false premise...

          People possess a remarkable ability for recalling pictures


          They are basically talking about eyewitness identification. That has already been debunked as the most unreliable source for anything. There are too many variables involved. Everything from remembering what image you used to repeating that image consistently over time is under fire. This just won't work for so many reasons...
    • by Kingrames (858416)
      Yeah right. You'd just have to draw ascii goatse and it'd be more secure than your current password.
    • Re:Meh. (Score:5, Insightful)

      by wish bot (265150) on Thursday November 01, 2007 @08:07PM (#21205785)
      Ordinary people have been doing this for hundreds of years. It's called a SIGNATURE.
      • Re: (Score:2, Insightful)

        by X0563511 (793323)
        Hmm, thats an idea. You COULD draw a picture, but if you "sign" a password, that only adds to the complexity of what an intruder must duplicate.

        After a long time doing it, you would get damn fast at it too.

        One problem however is disability. If I had a horrible accident and became a quadrapole, I could still recite my password to someone if need be... good luck doing that with this kind of authentication.
        • Re: (Score:3, Informative)

          by rossdee (243626)
          "If I had a horrible accident and became a quadrapole, I could still recite my password to someone if need be... good luck doing that with this kind of authentication."

          I think you mean quadraplegic. According to Wikipedia:

          A quadrupole is one of a sequence of configurations of electric charge or gravitational mass that can exist in ideal form, but it is usually just part of a multipole expansion of a more complex structure reflecting various orders of complexity.
      • by dfries (466073)

        Ordinary people have been doing this for hundreds of years. It's called a SIGNATURE.

        That might be a good idea until you get one of these messages.
        Password expired, please change your name.

      • Re:Meh. (Score:5, Funny)

        by ILuvRamen (1026668) on Thursday November 01, 2007 @09:59PM (#21206685)
        I could get that dolphin that they taught to paint (look it up) to sign my signature on a check and the bank would still take it. It doesn't even have to be words or letters. As long as someone scribbled my signature, they're not going to reject it so the check's good. Signatures aren't quite the same thing.
        Now my 2 cents, I just design security systems that are so freaky and confusing that hackers just give up because it's too odd. The hacker or otherwise bad person just gives up and is like "wtf is it, broke or just haunted?" If someone made a software suite where you can design your own ridiculous security system with basically unlimited possibilities of whatever the user can dream up, people would have some pretty ridiculous security! Everyone here always complains about security through obscurity. You try opening a ridiculously large-bit-encryption archive file of mine when at the "enter the password" screen, you have to wave the cursor over the password field then type submit in it and click the exit button which reveals a crossword puzzle with only one valid word in it but you have to in fact click the squares so the highlighted letters form a smiley face then within 3 seconds, click on the password field then press tab three times which is the only wat to get you to the now unlocked, real invisible password entry box and type your password in stutter type (doubles of each letter followed by a backspace) and then press the red X in the top right to submit it and open the archive. You aren't getting into that archive! That's so screwy, someone would give up trying to figure out what the hell was going on in minutes. And good luck brute forcing it cuz that'll take all the computers on earth a couple hundred trillion years. Plus it's not that hard of a process to remember when you really think about it. It'd take someone who memorized it like 15 seconds tops to do it all and even if someone watched it, they'd have trouble remembering it or understanding it. They'd have to have a camera recording your keyboard and mouse synchronized with another camera watching the screen and also be able to guess the time requirements. Do all that with an incrementing password (like fishfish2 then next time it's fishfish3) at the end of it and they'd barely be able to solve it if you told them every step. Waaaaaaay better and more secure than drawing a picture on a low res grid.
        • Re: (Score:3, Funny)

          by Web Goddess (133348)
          That sounds like a great password for a Fortress of Solitude, but probably not feasible for mere mortals. I can't decide if you are brilliant or insane.
    • Re:Meh. (Score:5, Funny)

      by B3ryllium (571199) on Thursday November 01, 2007 @08:35PM (#21206031) Homepage
      Sounds like a pain in the nuts to me.

      You're doing it wrong.
  • Prior Art (Score:3, Informative)

    by mlwmohawk (801821) on Thursday November 01, 2007 @07:32PM (#21205413)
    The movie "Safe House" with Patrick Stewart had something similar.
  • by ShawnCplus (1083617) <shawncplus@gmail.com> on Thursday November 01, 2007 @07:35PM (#21205447) Homepage
    From Article:

    graphical passwords that they say are a thousand times more secure than ordinary textual passwords.
    Someone a long time ago:

    A picture is worth a thousand words
  • by cliveholloway (132299) on Thursday November 01, 2007 @07:37PM (#21205467) Homepage Journal
    ...about drawing penises on goatse photographs?

    That would be one way to keep things secure though - it's hard for someone to guess your pass picture if they can't bring themselves to look at the background... :)
  • I dont think so (Score:5, Interesting)

    by Pazy (1169639) <Pazy160@Hotmail.com> on Thursday November 01, 2007 @07:37PM (#21205471)
    I doubt this will really work, most people when they draw and write so it slightly diffrent each time. They may have to sit down and aim exactly and prepare which will take too much effort for most people. I doubt this will take off its the old security vs convenience. At this point ill take the convenience of a text password.
    • From TFA:

      For example, if a person chooses a flower background and then draws a butterfly as their secret password image onto it, they have to remember where they began on the grid and the order of their pen strokes. It is recognised as identical if the encoding is the same, not the drawing itself, which allows for some margin of error as the drawing does not have to be re-created exactly.

      So you don't even have to hit the same points. And this is supposedly "more secure"?

      Imagine a password program that allow

      • by Mike89 (1006497)

        If your password was "peach", would you want the system to accept "apple" as being "close enough"?
        Wouldn't it be more like:
        If your password was "peach", would you want the system to accept "peacj" as being "close enough"?
    • by schmiddy (599730)
      Actually, somewhat counter intuitively, ballistic motions [slyengineer.net] such as scribbling a signature or swinging a baseball bat are actually more accurate when you perform it quickly and without hesitation (because they're ingrained in muscle memory). I'm not sure if the picture drawing described in TFA would qualify, as it would take a great number of repetitions (1,000+ perhaps) to get ingrained in one's muscle memory.
    • by FleaPlus (6935)
      I doubt this will really work, most people when they draw and write so it slightly diffrent each time.

      If I were implementing it, I would have a person actually draw several copies of the same thing in a row, so that it can learn the likely sources of variability in that person's drawing. It could maybe even learn this a little bit each time the person logs in, so it would be able to adapt as that person's drawing style slowly changes. Any overly abrupt change would be a failed login, and trigger the need f
  • Sounds hard (Score:5, Insightful)

    by dontthink (1106407) on Thursday November 01, 2007 @07:38PM (#21205475)
    I can't even consistently write my signature, let alone some arbitrary picture.
    • Not to mention how easy it would be to make a program to guess it, as most people wouldn't be able to totally reproduce it fully all the time, that means more tries it would allow. Plus, what if theres a flaw in Flash/AJAX/JavaScript/Canvas or whatever your drawing in? At least HTTPS is hard to break and HTML is rather secure.
    • Re: (Score:3, Insightful)

      by Feanturi (99866)
      I have the same problem with my signature. At one time, it used to be very consistant, and quite legible. Enough people remarked that it looked just like regular handwriting, so I started doing it much more quickly and carelessly since that appears to be the normal way of doing a signature. Now, no matter how I try, I can't make it quite the same way twice, except maybe the capitals. I generally don't get all the letters into the last name either, and which ones make it in changes from one attempt to the ne
  • I can't draw...
  • Normal signature (Score:5, Insightful)

    by LiquidCoooled (634315) on Thursday November 01, 2007 @07:38PM (#21205481) Homepage Journal
    A normal signature is a picture drawn in a certain fashion with a specific flow and strokes.
    We have had signature recognition for a while.
    Whats new?
    • Re: (Score:3, Interesting)

      by schmiddy (599730)

      Yeah.. different methods of signature recognition have been around for quite some time, and never really caught on. A friend just did his senior undergrad thesis on a survey of techniques for signature detection [slyengineer.net], and it's actually a pretty informative read. Long story short.. even the advanced models have too high false-positive rates, especially from skilled forgers who have time to practice copying your signature at home, or even casual over-the-shoulder copying.

      The only real future use of this I see

    • by FleaPlus (6935)
      A normal signature is a picture drawn in a certain fashion with a specific flow and strokes.
      We have had signature recognition for a while.
      Whats new?


      Usually a person only has a single signature that they keep throughout their lives, whereas in this scheme it seems that a person can have several drawings. That signature can be found on any of the countless documents you've signed throughout your life. Also, if you see what a person's signature looks like it's somewhat straightforward to determine how to forge
      • by Eskarel (565631)
        I think the question is more what's the technological innovation. The slashdot crowd aren't really much for innovative uses of existing processes as you'll see if you take a look at any patent conversation. So since there isn't any technical difference between matching a signature and matching a picture then it's not really technologically new and therefor uninteresting.
    • Whats new?

      Four simple words: "on the internet".

      (I estimate 60% or responses will reference my counting ability.)
  • Damnable Security! (Score:5, Insightful)

    by roguetrick (1147853) <kazer@brIIIigands.org minus threevowels> on Thursday November 01, 2007 @07:40PM (#21205505) Homepage Journal
    I wonder how many users will just end up drawing Stars, Hearts, and Smiley Faces?
    • Exactly what I was thinking.

      I have trouble drawing stick figures.
    • by Kingrames (858416)
      How many ways do you suppose you can draw flowers, hearts and smiley faces though? recording where you start, where you end, and the position on the screen, and the size, and the shape...

      It's bound to be more complex than a password the average user can create. And might be less susceptible to keylogger-type software.
      • by imsabbel (611519)
        Either you are to anal about stroke positions and lenght (and nobody will be able to remember their picture), or most smileys will work as the same.

        Its not a single bit easier to remember "I have to set the eye in cell 12/54, the other one in 33/54. After that the circle should go up to row 10 and down to row 65 , ect..." that to remember a complicated password.

         
    • by insertwackynamehere (891357) on Thursday November 01, 2007 @08:34PM (#21206019) Journal
      I smell pictionary attacks!!

      Imagine pictures of common passwords/objects being drawn everywhere on the screen at different rotations and scales in rapid succession.. or just a brute forcer which didn't even make legible images 99% of the time
    • by JonathanR (852748)
      At least people with poor drawing skills won't be so keen to use a sticky note on their monitor to display their talents.
  • 2 characters. (Score:5, Insightful)

    by Kaenneth (82978) on Thursday November 01, 2007 @07:41PM (#21205517) Homepage Journal
    Or you could add 2 alpha-numeric characters to an existing text password, for more than 1000 times security.
    • Re:2 characters. (Score:4, Insightful)

      by Dirtside (91468) on Thursday November 01, 2007 @08:10PM (#21205809) Journal
      Adding two alphanumeric characters (a-z, A-Z, 0-9, for 62 characters) would increase the keyspace by a lot (a factor of 3,844, to be precise), but it doesn't increase overall security by that much except against brute force attackers. It certainly doesn't make it a thousand times harder to shoulder-surf, or keylog, or social engineer, or...
      • Yes, but this picture password doesn't make it that much harder to shoulder-surf, or penlog, or social engineer, or...
        • Re: (Score:3, Insightful)

          by QuoteMstr (55051)
          I'm a skeptic, but at least it has the social engineering thing going for it.

          "Hey, Susan. I'm Bob from IT. We're doing a company-wide password security survey, and I need to get yours down. Can you let me know what it is?"

          "Well, hi Bob. It's sort of a dopey-looking antelope with horns and big teeth."

          "Ah. Thanks." *click*
  • More Secure? (Score:3, Insightful)

    by 56 (527333) on Thursday November 01, 2007 @07:42PM (#21205527)
    It seems to me that this would drastically increase the security of passwords from attack by machines but would make them more susceptible to attack from humans.

    There are only so many places to start drawing your password on a picture and a human would recognize that. People would probably draw birds in the sky and dogs on the ground, right? Also, I would guess that people would make linear leaps with their pictures: someone will draw a bird, and not a fish, in a picture of a tree.

    That said, I'm not saying that this isn't a worthwhile endeavor, just that it wouldn't necessarily be as secure as it looks at first glance.

    • by springbox (853816)
      Maybe that's the case for your average user who uses "1111" for their password, but other people (hopefully people on here) know the value of using varied, long, and unique passwords. That's why I plan to draw a rocket train blasting out of a hole in the bottom with a kitty cat for a conductor in each of my picture passwords.
  • by Doppler00 (534739) on Thursday November 01, 2007 @07:44PM (#21205557) Homepage Journal
    How many people will use a picture password of a stick man, tree, or a happy sun?
  • IMHO this is pretty good for people who can do calligraphy reasonably well.

    For example, to write Chinese characters properly, you need to remember the correct "stroke order" for each dash or dot in the character, and repeat it every time you write. The position where each stroke begins and ends is also fixed. It takes some training, discipline and drilling to learn writing like this though. For sloppy writers like me (I even had trouble writing pretty letters in school, mostly due to lazitude), this may not
  • by John Pfeiffer (454131) on Thursday November 01, 2007 @07:46PM (#21205577) Homepage
    ...the reality is that this story should probably be tagged 'security through never-being-able-to-access-your-stuff-again'
  • People would just use lines for their picture, cracking will become a game of battleships at best and at worst a program will play it for you.
  • Two serious problems (Score:5, Interesting)

    by adminstring (608310) on Thursday November 01, 2007 @07:49PM (#21205621)
    1. An artistically-inclined person looking over your shoulder might be able to draw your image about as well as you can. With a conventional keyboard password, I can block the keyboard with my body so others can't see what I'm typing, and I can pretend to press keys that aren't in my password so even if they can see, they are thrown off. There is less you can do to block a screen you have to look at to draw properly.

    2. Some people's hands shake when they've had too much caffeine, most people's fingers get stiff when they've been out in the cold, and some people have degenerative diseases which make typing a one-letter-at-a-time proposition. Drawing would be very difficult in all of these circumstances. Perhaps this is why TFA says that 5% of users couldn't recreate their image within three attempts a week after first coming up with it.

    I don't think this technology is going anywhere any time soon.
  • by Rodyland (947093) on Thursday November 01, 2007 @07:51PM (#21205645)

    8==D


    Who'd have guessed you could use the same password in both systems?

  • by iago (4917) on Thursday November 01, 2007 @07:58PM (#21205707)
    At least my idea for a Dance, Dance, Revolution password authentication scheme is still intact.

    Patent pending, patent pending, patent pending.
  • All this hifalutin tech to solve a simple problem. Sheesh.

  • by Kainaw (676073) on Thursday November 01, 2007 @08:19PM (#21205883) Homepage Journal
    If you remove the background picture and the act of displaying what you draw to everyone within eye-shot, I've already done that at http://shaunwagner.com/index.html?page=Projects%2FJavascript%2FMouse+Password [shaunwagner.com]

    Does it work? No. It is far too difficult to draw the same image twice without seeing what you are drawing. If you can see what you are drawing, so can everyone else - then they can draw the same image.
  • Back when I depended on my Palm III for keeping track of my schedule and contacts, I also stored credit card numbers and passcodes etc. that needed to be secure. I purchased a product called OnlyMe [tranzoa.com] which allowed pseudo-graphical entry of passwords. They encouraged you to enter a password using a series of strokes without lifting your stylus. From their site:

    To allow extremely quick and easy password input, OnlyMe's keys allow you to "press" them without lifting your stylus from the surface of the device! Yo

  • your average forum avatar is 25kilobytes

    your average good alphanumeric password is 9-18 bytes

    guess which one would be harder to crack, even with a "fuzzy" range
  • "The most exciting feature is that a simple enhancement simultaneously provides significantly enhanced usability and security."

    I fail to see how this idea could even *remotely* be construed as providing "significantly enhanced useability". The security aspect is at least arguable (and I actually don't buy that either), but in no way shape or form could such an idea *ever* be called "more useable." Consider:

    * It takes me about a second to type a password. How long would it take me to move my mouse pointer
  • "thousand times more secure than ordinary textual passwords. "

    Sure, but like a half the poster have already said you are going to have a 80% of end luser drawing happy faces, smileys and stick figures with giant cocks. Easy to dup and a thousand times less secure than a regular pass.

    Plus the problem with the signature recognition people have talked about in other posts is that the tools already available at retail stores all suck nuts. You ever try signing your name for a credit card transaction?

    It never
  • Many years ago we did authentication this way:
    The system displays a long random number (e.g. 40 digits) plus some tick marks. You pick certain digits, do a simple operation with them, and enter the result. E.g. ( 5th digit + 2nd digit) * 12th digit. We did that after a normal password.

  • So, according to the movie "Hackers", the most common passwords are "god," "sex," "love" and "secret."

    With this pass-image scheme, the favorite pass-images will be what? Boobs, penises, and goatse.cx?
  • ...some little SOB passed a magnet over my Etch-a-Sketch, which totally ruined my secure signature. grrrrrr... closely watching those hacker types in the office.
     
    Yep, this idea is as solid as sand. Had to much to drink, or? Christ, my signature is never "exactly" the same, and I sure as hell can't draw.
  • I beg of you.. Imagine the call..

    User "I have forgotten my password"

    admin "let me just reset it for you, the default password is a square with a star inside started at grid co-ordinates 0,3 going to 0,10 then down to 10,10... Don't forget to lift your pen at each courner"

    Just kill me now please.
  • by PineGreen (446635) on Thursday November 01, 2007 @11:33PM (#21207419) Homepage
    Oh no:

    Password too simple. Password must be at least 8 strokes with at least one diagonal one and one wiggly one.
  • Makes "is the caps lock key down" seem down right ordinary.

    Mike
  • I've never understood the fascination with pictographic security measures. It seems very rube-goldberg and introduces several counter-intuitive factors that could end up locking out legitimate clients from their own data, if something were to happen to them that would permanently alter how they enter such a code. (The same could be said for biometric security measures, as well...)

    For example, what if the user were to end up blind, paralyzed or damages / loses part of the limb used to enter such a code? At l
  • I was a consultant at a large UK retail bank and we were going to use a type of picture/CAPTCHA on the online banking solution. Except that the RNIB (Royal National Institute for the Blind) [rnib.org.uk] consultancy operation basically told us that if we went ahead they would be forced to "go to the newspapers" and also would consider taking action under DDA (Disability Discrimination Act) [opsi.gov.uk] legislation.

    It's really important to consider (in the UK at least) that around 10% of the online population will not be able to s

  • by sqldr (838964) on Friday November 02, 2007 @05:22AM (#21209357)
    I can already see the movie scene where they crack the chief of the FBI's laptop by guessing his pictogram.

    Stacey: Try drawing a massive cock..

    Arnie: I'm in. Lets get to work

"Never ascribe to malice that which is caused by greed and ignorance." -- Cal Keegan

Working...