Picture Passwords More Secure than Text
Hugh Pickens writes "People possess a remarkable ability for recalling pictures and researchers at Newcastle University are exploiting this characteristic to create graphical passwords that they say are a thousand times more secure than ordinary textual passwords. With Draw a Secret (DAS) technology, users draw an image over a background, which is then encoded as an ordered sequence of cells. The software recalls the strokes, along with the number of times the pen is lifted. If a person chooses a flower background and then draws a butterfly as their secret password image onto it, they have to remember where they began on the grid and the order of their pen strokes. The "passpicture" is recognized as identical if the encoding is the same, not the drawing itself, which allows for some margin of error as the drawing does not have to be re-created exactly. The software has been initially designed for handheld devices such as iPhones, Blackberry and Smartphone, but could soon be expanded to other areas. "The most exciting feature is that a simple enhancement simultaneously provides significantly enhanced usability and security," says computer scientist Jeff Yan."
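The encoding described in the summary, as an added Python example that is not part of the original post or the Newcastle software. The 5x5 grid, 500-pixel canvas, `PEN_UP` marker and all sample strokes are constructed assumptions; the example shows a sloppier redraw through the same cells being accepted, while a changed stroke order, a reversed stroke, or a start point that slips over a grid line is rejected.

```python
# Added illustration of the DAS encoding described in the summary.
# GRID, CANVAS, PEN_UP and every sample stroke below are constructed assumptions.
GRID = 5            # assumed 5x5 grid laid over the background image
CANVAS = 500.0      # assumed square canvas, in pixels
PEN_UP = (-1, -1)   # marker recorded each time the pen is lifted

def cell(x, y):
    """Map a canvas point to its (column, row) grid cell."""
    size = CANVAS / GRID
    return (min(int(x // size), GRID - 1), min(int(y // size), GRID - 1))

def encode(strokes):
    """Ordered sequence of cells each stroke enters, PEN_UP after every stroke.
    Assumes points are sampled densely enough that no crossed cell is skipped."""
    seq = []
    for stroke in strokes:
        prev = None
        for x, y in stroke:
            c = cell(x, y)
            if c != prev:          # record a cell only when the pen enters it
                seq.append(c)
                prev = c
        seq.append(PEN_UP)
    return seq

def matches(enrolled, attempt):
    """Two drawings are the same secret only if their encodings are identical."""
    return encode(enrolled) == encode(attempt)

# Constructed sample drawings: two strokes, each a list of (x, y) pen samples.
enrolled = [[(120, 120), (180, 130), (260, 150)], [(320, 320), (330, 380), (340, 450)]]
sloppy = [[(140, 160), (230, 170)], [(350, 310), (360, 420)]]   # same cells, other pixels
swapped = [enrolled[1], enrolled[0]]                            # stroke order changed
backwards = [enrolled[0][::-1], enrolled[1]]                    # first stroke reversed
drifted = [[(95, 120), (180, 130), (260, 150)], enrolled[1]]    # start slips over a grid line

if __name__ == "__main__":
    print("encoding:", encode(enrolled))
    for name, attempt in [("sloppy", sloppy), ("swapped", swapped),
                          ("backwards", backwards), ("drifted", drifted)]:
        print(f"{name:10s} accepted: {matches(enrolled, attempt)}")
```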
I don't think so (Score:5, Interesting)
Easier in Asia... (Score:4, Interesting)
That's right, there's a proper way to write every one of the thousands of characters, right down to stroke order and placement.
Two serious problems (Score:5, Interesting)
2. Some people's hands shake when they've had too much caffeine, most people's fingers get stiff when they've been out in the cold, and some people have degenerative diseases which make typing a one-letter-at-a-time proposition. Drawing would be very difficult in all of these circumstances. Perhaps this is why TFA says that 5% of users couldn't recreate their image within three attempts a week after first coming up with it.
I don't think this technology is going anywhere any time soon.
Re:Easier in Asia... (Score:4, Interesting)
Been there. Done that. (Score:4, Interesting)
Does it work? No. It is far too difficult to draw the same image twice without seeing what you are drawing. If you can see what you are drawing, so can everyone else - then they can draw the same image.
Re:Normal signature (Score:3, Interesting)
Yeah.. different methods of signature recognition have been around for quite some time, and never really caught on. A friend just did his senior undergrad thesis on a survey of techniques for signature detection [slyengineer.net], and it's actually a pretty informative read. Long story short.. even the advanced models have too high false-positive rates, especially from skilled forgers who have time to practice copying your signature at home, or even casual over-the-shoulder copying.
The only real future use of this I see is as one component in a highly secure, long-term, yet convenient, authentication mechanism.. perhaps for accessing a lockbox at a bank, something you'd need to have around for many years without remembering and changing a password. And even then, they'd have to additionally use at least "something you know" (name, SSN, etc. that you won't forget) and possibly another "something you have" (fingerprint reading, perhaps) in order to get the false positive and false negative rates acceptably low.
Re:And "shoulder surfing". (Score:3, Interesting)
It's not as difficult as you think. It's a standard magician's trick to secretly watch a person's hand/pen movements and then 'magically' re-create the drawing they made.
Re:I don't believe it. (Score:4, Interesting)