
Picture Passwords More Secure than Text

Hugh Pickens writes "People possess a remarkable ability for recalling pictures and researchers at Newcastle University are exploiting this characteristic to create graphical passwords that they say are a thousand times more secure than ordinary textual passwords. With Draw a Secret (DAS) technology, users draw an image over a background, which is then encoded as an ordered sequence of cells. The software recalls the strokes, along with the number of times the pen is lifted. If a person chooses a flower background and then draws a butterfly as their secret password image onto it, they have to remember where they began on the grid and the order of their pen strokes. The "passpicture" is recognized as identical if the encoding is the same, not the drawing itself, which allows for some margin of error as the drawing does not have to be re-created exactly. The software has been initially designed for handheld devices such as iPhones, Blackberry and Smartphone, but could soon be expanded to other areas. "The most exciting feature is that a simple enhancement simultaneously provides significantly enhanced usability and security," says computer scientist Jeff Yan."
  • Meh. (Score:4, Insightful)

    by mingot ( 665080 ) on Thursday November 01, 2007 @08:32PM (#21205411)
    I'd have to train myself to remember the strokes to draw something with the same movements and pen lifts. Sounds like a pain in the nuts to me.
  • Sounds hard (Score:5, Insightful)

    by dontthink ( 1106407 ) on Thursday November 01, 2007 @08:38PM (#21205475)
    I can't even consistently write my signature, let alone some arbitrary picture.
  • Normal signature (Score:5, Insightful)

    by LiquidCoooled ( 634315 ) on Thursday November 01, 2007 @08:38PM (#21205481) Homepage Journal
    A normal signature is a picture drawn in a certain fashion with a specific flow and strokes.
    We have had signature recognition for a while.
    What's new?
  • Damnable Security! (Score:5, Insightful)

    by roguetrick ( 1147853 ) <kazer@brIIIigands.org minus threevowels> on Thursday November 01, 2007 @08:40PM (#21205505) Homepage Journal
    I wonder how many users will just end up drawing Stars, Hearts, and Smiley Faces?
  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Thursday November 01, 2007 @08:41PM (#21205515)
    If you have to draw a picture to login, it's going to be very easy for people to see what you're drawing just by being near you.

    With typed passwords that is a lot more difficult.
  • 2 characters. (Score:5, Insightful)

    by Kaenneth ( 82978 ) on Thursday November 01, 2007 @08:41PM (#21205517) Journal
    Or you could add 2 alpha-numeric characters to an existing text password, for more than 1000 times security.
  • More Secure? (Score:3, Insightful)

    by 56 ( 527333 ) on Thursday November 01, 2007 @08:42PM (#21205527)
    It seems to me that this would drastically increase the security of passwords from attack by machines but would make them more susceptible to attack from humans.

    There are only so many places to start drawing your password on a picture and a human would recognize that. People would probably draw birds in the sky and dogs on the ground, right? Also, I would guess that people would make linear leaps with their pictures: someone will draw a bird, and not a fish, in a picture of a tree.

    That said, I'm not saying that this isn't a worthwhile endeavor, just that it wouldn't necessarily be as secure as it looks at first glance.

  • by JackieBrown ( 987087 ) on Thursday November 01, 2007 @08:44PM (#21205551)
    Will we need to draw a new picture every 90 days?
  • by Doppler00 ( 534739 ) on Thursday November 01, 2007 @08:44PM (#21205557) Homepage Journal
    How many people will use a picture password of a stick man, tree, or a happy sun?
  • by Anonymous Coward on Thursday November 01, 2007 @08:46PM (#21205579)

    You draw whatever picture you want. The background image is just to give you a frame of reference so you know where you started.

    I think most people will associate the same things to the same background (e.g. flowers->bee) resulting in even fewer combinations... also, the universe of "drawable things" is smaller than the universe of words, and that is smaller than the universe of pass...

  • by mingot ( 665080 ) on Thursday November 01, 2007 @08:54PM (#21205667)
    I'll bet they'll just pick a character instead of drawing a picture.
  • Re:Meh. (Score:5, Insightful)

    by wish bot ( 265150 ) on Thursday November 01, 2007 @09:07PM (#21205785)
    Ordinary people have been doing this for hundreds of years. It's called a SIGNATURE.
  • Re:2 characters. (Score:4, Insightful)

    by Dirtside ( 91468 ) on Thursday November 01, 2007 @09:10PM (#21205809) Journal
    Adding two alphanumeric characters (a-z, A-Z, 0-9, for 62 characters) would increase the keyspace by a lot (a factor of 3,844, to be precise), but it doesn't increase overall security by that much except against brute force attackers. It certainly doesn't make it a thousand times harder to shoulder-surf, or keylog, or social engineer, or...
  • Re:Meh. (Score:2, Insightful)

    by X0563511 ( 793323 ) on Thursday November 01, 2007 @09:39PM (#21206067) Homepage Journal
    Hmm, that's an idea. You COULD draw a picture, but if you "sign" a password, that only adds to the complexity of what an intruder must duplicate.

    After a long time doing it, you would get damn fast at it too.

    One problem however is disability. If I had a horrible accident and became a quadriplegic, I could still recite my password to someone if need be... good luck doing that with this kind of authentication.
  • Re:Sounds hard (Score:3, Insightful)

    by Feanturi ( 99866 ) on Thursday November 01, 2007 @10:36PM (#21206505)
    I have the same problem with my signature. At one time, it used to be very consistent, and quite legible. Enough people remarked that it looked just like regular handwriting, so I started doing it much more quickly and carelessly since that appears to be the normal way of doing a signature. Now, no matter how I try, I can't make it quite the same way twice, except maybe the capitals. I generally don't get all the letters into the last name either, and which ones make it in changes from one attempt to the next.
  • SHA (Score:4, Insightful)

    by h4rm0ny ( 722443 ) on Friday November 02, 2007 @05:01AM (#21208875) Journal
    But on the subject of security, how would these passwords be stored? One nice thing with plaintext is that you never have to store anyone's actual password, only the hash of it. I suppose you could still create a hash of "1. stroke 47degrees 3%, 2, stroke 270degrees 22%" or whatever the password device spits out, but it seems to me that as this system requires a more sophisticated way of interpreting fuzzily matched movements, there might be problems with this approach or it could introduce weaknesses.

    You could use some algorithm to simplify the user's drawing, rounding angles (I punned! :D ), adjusting lengths, perhaps. But this would probably have the effect of narrowing the password space making it easier to crack the passwords. I'm not an expert in this area, I'd be interested to know if they've thought about this or if anyone else knows a bit more about it.
  • Re:SHA (Score:2, Insightful)

    by dvice_null ( 981029 ) on Friday November 02, 2007 @06:19AM (#21209333)
    The strokes could be stored e.g. as an XML file, and then we would get a hash of that file. So storing is not a problem, we can do it pretty much the same way passwords are stored.
  • Re:2 characters. (Score:3, Insightful)

    by QuoteMstr ( 55051 ) <dan.colascione@gmail.com> on Friday November 02, 2007 @06:36AM (#21209425)
    I'm a skeptic, but at least it has the social engineering thing going for it.

    "Hey, Susan. I'm Bob from IT. We're doing a company-wide password security survey, and I need to get yours down. Can you let me know what it is?"

    "Well, hi Bob. It's sort of a dopey-looking antelope with horns and big teeth."

    "Ah. Thanks." *click*
  • Re:SHA (Score:3, Insightful)

    by mattpalmer1086 ( 707360 ) on Friday November 02, 2007 @01:27PM (#21214349)
    You miss the point - there is no single way of drawing the "same" pass picture - only more or less similar ways. The values in your XML file you talk about would be slightly different each time you drew the pass picture.

    Since even only a single bit difference to a hash algorithm generates an entirely different result, this means you can't hash that file and expect it to match a hash of the "same" pass picture on the server, unless you draw the pass picture absolutely identically every time.

    So how do you securely store a user pass-picture on the server without risking its compromise if the server was hacked? Which was the point of the GP.
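The summary says the passpicture is matched on its cell encoding (ordered grid cells plus pen lifts), not on the raw drawing, which is also the answer to the storage question in the SHA thread: you quantize first, then salt and hash the canonical encoding exactly as for a text password. The example below is added here and is not code from the article or from Newcastle's DAS implementation; the 5x5 grid, the quantization rule and the PEN_UP marker value are assumptions, and the three drawings are constructed samples.

```python
import hashlib
import hmac
import os

GRID = 5            # DAS lays a GRID x GRID cell grid over the background image
PEN_UP = (-1, -1)   # marker for each pen lift (the marker value is an assumption)

def encode_drawing(strokes, grid=GRID, canvas=1.0):
    """Map raw strokes (lists of (x, y) points in [0, canvas)) to the DAS
    encoding: the ordered cells the pen passed through, with PEN_UP at each
    lift. Consecutive samples inside one cell collapse to a single entry, so
    wobble within a cell is invisible while crossing a cell edge is not."""
    cells = []
    for stroke in strokes:
        for x, y in stroke:
            cell = (min(int(x / canvas * grid), grid - 1),
                    min(int(y / canvas * grid), grid - 1))
            if not cells or cells[-1] != cell:
                cells.append(cell)
        cells.append(PEN_UP)
    return cells

def serialize(cells):
    """Canonical bytes for an encoding, so equal encodings hash to equal digests."""
    return ";".join(f"{c},{r}" for c, r in cells).encode()

def hash_passpicture(cells, salt=None):
    """Store only a salt and a slow hash of the encoding, never the strokes."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", serialize(cells), salt, 100_000)

def verify_passpicture(strokes, salt, stored_digest):
    """Re-encode the login attempt and compare digests in constant time."""
    _, digest = hash_passpicture(encode_drawing(strokes), salt)
    return hmac.compare_digest(digest, stored_digest)

# Constructed sample drawings on the 5x5 grid (cell width 0.2): a "V" drawn as
# two strokes at enrolment, the same "V" redrawn with jitter that stays inside
# the same cells (accepted), and one drawn without lifting the pen (rejected,
# because the pen-lift count is part of the encoding).
ENROLL = [[(0.10, 0.10), (0.30, 0.50), (0.50, 0.90)],
          [(0.90, 0.10), (0.70, 0.50)]]
RETRY_OK = [[(0.12, 0.15), (0.28, 0.52), (0.55, 0.85)],
            [(0.85, 0.05), (0.75, 0.45)]]
RETRY_NO_LIFT = [[(0.10, 0.10), (0.30, 0.50), (0.50, 0.90),
                  (0.90, 0.10), (0.70, 0.50)]]
```

The fragile case is a stroke that passes close to a cell edge: the same hand motion can land on either side of the boundary on different attempts, which is exactly the mismatch the thread above worries about, and it is handled by the grid coarseness, not by the hash.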
