The Problem With Windows 8's Picture Password 206
alphadogg writes "The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token. 'It's cute,' says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. 'I don't think it's serious security.' The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance — making it relatively easy to compromise, he says."
Video?! (Score:5, Interesting)
Re:Video?! (Score:5, Interesting)
Right. Because other than logging in, nobody ever touches the screen of their touchscreen device. Furthermore, typing a password on a touchscreen keyboard doesn't leave smudges that could be seen by anyone... Come on dude.
I actually have a BUILD tablet (the ones MS handed out in September) and I use the picture login. It keeps the tablet private enough for my purposes. Of course, my password is to simply triple-tap on a particular spot on the image, so it doesn't leave a grease trail that stands out, particularly.
Re:Video?! (Score:4, Insightful)
Its not about the probability of other fingerprints on the device - all you need is a fairly good idea of where someone has been tapping on a photo, and from the photo you will probably be able to guess which points they've used.
Re:Video?! (Score:5, Informative)
There is still the question of getting the swipes in the right order.
When I wrote a PictureLogin beta app for Palms (back in 2007; no, it's not prior art for the MS patent, as it was tap-only rather than swipe), I made PictureLogin act as a quick login screen, with an immediate fallback to the default passkey login if it failed. It would be very unlikely an attacker would get in on the first try, but it would allow users to have a very fast login with as few as two taps, or maybe even with only one if one was willing to take a risk. That would also help with the fingerprint problem. I think I was also thinking about some security-by-obscurity options, such as a user using some fake form as their PictureLogin image, so that someone who stole or found the device would not know that it's actually a PictureLogin login screen. You turn it on, and you see some normal Palm screen. You tap once or twice in the right place(s) and you're in, and you tap even once in the wrong place and fall back. I never got around to a full release of PictureLogin, though the code is open source.
Re:Video?! (Score:5, Interesting)
Its not about the probability of other fingerprints on the device - all you need is a fairly good idea of where someone has been tapping on a photo, and from the photo you will probably be able to guess which points they've used.
So don't just have them tap on parts of a photo. Present a display showing 255 photos, each arranged into a little icon. And ask the user to "touch" the right icon.
Once they've touched the first photo, show another display of 254 more photos, the photo they picked before can no longer be picked.
After the user's chosen four different photos, from four disjoint lists of 255 photos, show a fifth photo that is algorithmically derived from their previous two choices.
Their previous four choices combined with the points on the photo they select, form a password that is much more secure than what the average person uses and can remember as a password.
there were at least 255 * 254 * 253 * 252 (4 billion) possible choices of photos they can pick, if the order of selection matters, and then after you add the unique points they chose on the fifth photo.
You have a password that is much better than the person's daughter's name, or their middle name + phone number
Re:Video?! (Score:4, Insightful)
As someone who has owned several touch-screen devices over the last decade, I've noticed that it's a common occurrence for the oil on fingers to accumulate in a tell-tale trail on the screen if you're often swiping a particular pattern. It's the primary reason I switched to a numeric pin rather than the pattern-based authentication on my Android phone. Doesn't seem to happen with taps as it does with swiping.
Re:Video?! (Score:5, Informative)
you must not use finger touch tablets very often.
I can always tell when someone plays a certian game on my phone, ipad, nook color. why? because the oils streaks have a pattern to them. certain games leave specific patterns. you may not know which is the begining. but if 1/3 the screen doesn't have any oil on it then those parts are ones you dont' have to think about.
Take a standard password of 12 keys. Now with a glance eliminate 75 out of 101 keys on the keyboard. It becomes a whole lot easier to brute force now.
Re: (Score:2)
That's why many of the gestures are directional. Compared to a pin, it's much better. And a 4-6 digit pin on a phone/ipad/etc is definitely the main comparison here.
Re: (Score:2)
The smudge of an unlock pattern is pretty easy to spot, which is why I very quickly went back to using a pin on my Android.
If you don't believe me, start looking at other people's Androids and you'll pretty quickly find a way in.
Re: (Score:2, Informative)
i take it you haven't tilted your touchscreen to see the smooth path that is worn in at the most used points on the screen.
This is a problem with androids pattern lock and the screen protector film overlays.
Over time, the film develops a smoothness along the path where you're finger glides in order to trace out the lock pattern.
guessing someones lock pattern is simple as tilting the device to make light reflect in a way that reveals the differences in roughness on the screen protector film.
Re:Video?! (Score:5, Insightful)
Re:Video?! (Score:5, Interesting)
Even in the worst-case scenario where the computer was used for nothing but logging in with the picture password, the math works out that it's still more reliable than the 4-digit pin that many other devices use.
I'm not so sure I trust the math, since the math is only part of the equation. (no pun intended...well, maybe it was)
They claim that a 3 tap password has 2.7M combinations, but that's only true if each of the coordinates on the screen was equally likely to be tapped.
But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.
Likewise, instead of a single line resulting in 1,949 unique gestures, in reality there are only 6 likely candidates. (and I bet most of the time if I draw the line from the face of the guy holding the dog's leash to the dog, then I'll have guessed correctly)
Sure, someone may decide to tap on the lower left corner of the blank wall to make their passcode more secure, but the average person will probably stick with the faces.
Re: (Score:3)
Re: (Score:2)
Why did my mental voice suddenly shift to a low monotone when I read that?
Re: (Score:2, Informative)
without proof that most people will choose easy-to-guess gestures is just as fallacious as just giving the number of unique combinations
Considering the amount of evidence out there proving that, left to their own devices, a large majority of people already use easily guessable passwords (NYT [nytimes.com], 2011 Worst Password Study [mashable.com], and on, and on...), this isn't a stretch at all.
In fact, your non-logic deserves a spanking considering how easy a simple web-search is on this subject. Try a little harder next time.
You assume that designers are idiots (Score:2)
But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.
In that case... don't choose an photo of 2 people and a dog.
What you're saying is "This system has very poor security, if they choose the pictures poorly and each picture has very few probable combinations". Pretty obvious answer is: Don't choose such pictures. I'd guess that before they choose a picture for this purpose, they do some testing on what kind of patterns people use and discard the pictures where there is too little distribution. Of course, users may always use the most obvious pattern and the
Re:You assume that designers are idiots (Score:4, Insightful)
But if the security image is a photo with 2 people and a dog, against a white wall it's pretty likely that I can guess where the taps are, so I only have to guess the order.
In that case... don't choose an photo of 2 people and a dog.
What you're saying is "This system has very poor security, if they choose the pictures poorly and each picture has very few probable combinations". Pretty obvious answer is: Don't choose such pictures. I'd guess that before they choose a picture for this purpose, they do some testing on what kind of patterns people use and discard the pictures where there is too little distribution. Of course, users may always use the most obvious pattern and they might be able to choose a picture themselves and use too simple picture... but users can also choose very stupid passwords.
That's my point exactly - in the lab, I'm sure this is a very secure system and can be made to be much more secure than a traditional passphrase. But in the real world, people see security as something that gets in the way, so they choose something easy to use, not something secure, so this ends up being not any more secure than any other system.
Re: (Score:3)
MS addressed the insecure picture idea in one of their blog posts. It's insecure if you have only one or two points of interest, but with 3 or more the security goes up quite a bit because each of the POI's has numerous things that can be attributed to them - taps, swipes from one to another in either direction and different sizes of circles. Then you have to get the order right on top of that. Yes, there are other issues for sure (Smudges, etc.) but the points of interest one isn't actually that bad.
Re:Video?! (Score:5, Informative)
The math used for comparison typically assumes that there are 10 points of interest in an image. Obviously there's a range depending on the image but most have at least 10. Just don't use Japan's flag as your image and you should be okay. Since lines are directional, when you say 6 likely candidates for lines, that works out to three points of interest: A->B, A->C, B->A, B->C, C->A, C->B. So that really isn't true at all.
The meaty bit at the end of their math is this: "Assuming the average image has 10 points of interest, and a gesture sequence length of 3, there are 8 million possible combinations, making the prospect of guessing the correct sequence within 5 tries fairly remote."
The table at the bottom is good to look through.
http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx [msdn.com]
Bottom line, for 3 gestures on a typical image, 8 million > [10,000 to 1,000,000] (possibilities for a 4 to 6-digit pin, the valid comparison for this)
Re: (Score:2)
Re:Video?! (Score:5, Insightful)
Just look at the greasy finger marks
You know, the OS could mitigate this quite easily by moving around the picture, reorienting or rotating it. This would eliminate the benefit of muscle-memory, but allow it to be more secure.
Re:Video?! (Score:4, Insightful)
Yeah, you can do that on a computer with a REAL screen, not those little iToys that all the cool kids have to carry around with them these days.
Can't wait for this fad to die down a bit so we can quit hearing all these retarded stories about "The Desktop Computer is DOOOOOOMMMEEEDD!" all the time.
Sure, it's eventually doomed, but not for a long time still. There are so many things that I do on a triple headed desktop that I would never want to attempt on a mobile or pad. (Coding, taxes, etc.) And some things are more convenient on a mobile device. (Driving directions, reading the news over lunch, etc.)
CricKet MessageMate II WTF! ;)
Re: (Score:2)
Ha! Oops, that was supposed to be FTW, not WTF... :)
Re:Video?! (Score:4, Interesting)
The portion of the picture that is shown for Picture Password is cropped and moved around the screen, specifically to mitigate a "smudge attack".
Re: (Score:2)
Actually no. They considered this in the follow up blog post. Turns out it gets easier to spot patterns that way because of the relative position of multiple smudges. So you can isolate the password pattern from normal use easily.
Re: (Score:3)
Re: (Score:3)
I wish my Android swipe-unlock-pattern would present itself at different locations on the screen so the unlock swipe pattern would be more randomised.
Hey, I should patent that!
Passwords susceptible to surveillance, more at 11. (Score:5, Insightful)
Surely an accomplished individual like him could put out a serious paper on why picture passwords aren't good security, if they aren't. The math seemed alright in the Microsoft blog, so I don't know what the problem is.
Oh, I know what it is, he's the head of a company that offers alternative security products that use multi-factor authentication. *Of course* well implemented multi-factor auth is more secure than single-factor, but if he weren't in charge of a company trying to sell a product, would this article even exist? Probably not.
Re: (Score:2, Informative)
http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx [msdn.com]
http://blogs.msdn.com/b/b8/archive/2011/12/19/optimizing-picture-password-security.aspx [msdn.com]
Re:Passwords susceptible to surveillance, more at (Score:4, Informative)
I have heard of a version of this that works.... (Score:2)
I have heard about "image" password that sound like they could work.
Your password could be "car" and "Flower". You would be presented with a "random" photo that had lots of things in it - but only a single car and flower. Humans can pick out the car and flower easily - even when presented with a new photo. Harder to automaticly hack.
Of course it's not foolproof. For that I give you xkcd.
http://xkcd.com/538/ [xkcd.com]
Re: (Score:2)
Because the Android "connect the dots" is so much better. Not to mention using a standard 10 key on iPhone. At least somebody is trying.
In other news (Score:5, Insightful)
The lock on your diary offers little protection from a skilled locksmith most can be opened with a simple bent piece of metal.
If you have someone following you around with cameras trying to capture your login info to use later when they have physical access to your machine a traditional password probably isn’t going to cut it either. This provides the same kind of “guy walking by” protection as traditional passwords do. Ok, maybe less.. but still. Maybe this will actually push people towards more secure auth for serious things by highlighting how insecure a basic password is.
All that said, I think it’s a pretty stupid feature ;p
Re:In other news (Score:5, Funny)
All that said, I think it’s a pretty stupid feature ;p
Ah, but if you imagine goatse as the login photo...how brilliant is that?
cheers,
Re: (Score:2)
Comment removed (Score:5, Insightful)
Re:Well of course not... (Score:5, Insightful)
I dare to disagree. Bad security can actually be worse than no security. For more than one reason.
First, the obvious one: People rely on security and act as if they're protected even though they are in fact not.
The less obvious one is that a faulty and flawed security mechanism actually offers another attack vector. To use an example from a real security problem, imagine a door without a lock and no handle, opening to the outside. Without handle or lock, the door cannot be opened from the outside, since there is no way for you to pull at it, and pushing it won't do you no good. And a good, solid oak door is quite hard to bash in. Add a lock and you not only offer a point where an attacker can actually put a hook, you also have to weaken the door to apply the lock. If the lock is now flawed and easy to pick, you actually lowered the security of the door by adding a lock.
It's the same with flawed IT security mechanisms.
Re:Well of course not... (Score:5, Insightful)
Re:Well of course not... (Score:4, Insightful)
Your door analogy is fundamentally flawed, because the user has to get in some way, otherwise the house (or PC) is useless. The same applies to both. On the house, sure that particular door is difficult to break into because you can't open it from the outside. But somewhere on another wall there's another door that can be opened from the outside, and will have traditional security measures.
That's the whole point of security - to allow authorized entry while making it difficult for unauthorized entry. Your suggestion of making entry impossible is mind-bogglingly stupid in this context.
Re: (Score:3)
Also, you're clearly not thinking about it enough. A suction cup will easily allow you to pull the door toward you. Security through obfuscation ("I can't figure out how to pull this door open, there's no handle!" or "I can't figure out how to decrypt this file; it's a custom crypt algoritm!") is about as useful as its name sounds. Anybody who bothers to really try will probably find more weaknesses in the method you used than in the well-known and widely-tested techniques.
Re: (Score:2)
Re: (Score:2)
Bad security can actually be worse than no security.
These types of arguments tend to run on one of two lines: people trusting that which they shouldn't and examples of simple broken systems.
There is nothing you can do about people trusting systems they shouldn't. Houses have many ways in that are usually easier to open with tools than the doors. Windows are used for entry because you only need a fist to break most. Walls are just as easy with power tools. It's the social contract between people that prevents this type of security problem. Locks on you
Re:Well of course not... (Score:4, Insightful)
Exactly. The weakest point in any security system will always be the user, and unfortunately, the user is the hardest weakness to combat.
Consider forcing password changes at certain intervals: 99% of the time, the new password is the same as the old one with a variation of a single character; e.g., "Flower" becomes "Flower1". Then, next time there's a forced password change, they just set it right the hell back to "Flower", or go up to "Flower2".
Then there's the systems where the password is provided, usually gibberish alphanumeric of a certain character length. Nobody can remember that shit, so what does everyone do? Write it the hell down somewhere, or store it in a text file; usually fucking called "Passwords", because people are retards.
No matter how elaborate your security is, the user will find a way to fuck it up. A door won't be closed, a document won't be shredded, a workstation won't be locked, a security protocol won't be followed, and it's always for the sake of the user's convenience. The more of a pain in the ass it is, the more likely it will be compromised by laziness on the part of the user. That's just how people are; not all of them, but a lot of them.
I mean, stories of people getting hacked or their identities stolen are in the news all the time, and the most common user-created passwords are still ridiculous shit like "1234" and "ABCDEFG". Clearly people would rather accept the risk of a weak password for the sake of convenience. Either that or they really are retarded.
Re: (Score:2)
You clearly forgot QWERTY and ASDFG!
Re:Well of course not... (Score:5, Insightful)
That's just how people are; not all of them, but a lot of them.
I mean, stories of people getting hacked or their identities stolen are in the news all the time, and the most common user-created passwords are still ridiculous shit like "1234" and "ABCDEFG". Clearly people would rather accept the risk of a weak password for the sake of convenience. Either that or they really are retarded.
Since clearly most people are not retarded, but are using the system as if they are retarded, then the system is the problem. Blaming the users is pointless, you're not going to get better human beings to use your system, so you've got to change the system.
As XKCD and many others have pointed out, we have a pointlessly hard method of specifying passwords...if it's 'strong' it can't be easily remembered, and will be written down or re-used on multiple occasions. If it's easy to remember then it's easy to guess. In other words, we have a system that is easy for computers to implement, but hard for humans to use.
There must, surely, be better ways of doing this that work with the way the human brain works to encourage stronger security. After all, it's a lot easier to change the security implementation than it is to change the human brain. We need to find a better system and not just stick with the current broken one and blame the users for being retards.
I'm glad someone is trying something different that might make security better.
Re: (Score:3)
Since clearly most people are not retarded...
Excuse me, but that is not clear at all.
Re: (Score:2)
I pick decently long and complex phrases that I already remember as my passwords. Song titles are a pretty good pick: TheGirlFromIpanema is decently long, already memorized, easy enough to read off to somebody else if necessary and has a few obvious mutations if needed for subsequent incarnations.
*Disclaimer: Not good for all songs. I believe 'If' was a #1 song in the 70s...
Re: (Score:2)
Re: (Score:2)
You know why people use stupid passwords like 1234 and abcd? Because it's only reasonable. My laptops password is 'yo'. It let's me log in or unlock quickly and still doesn't allow my roommate to snoop around in my laptop. That's it! That's all the security I need, that nobody can post shit from my facebook account. There's no secret data I'm carrying around.
Re: (Score:2)
"good" is a relative measure. A code of 4 numbers can be good security for your garden shed, and passwords are entirely sufficient for most stuff online (really, how much security do your various forum accounts need? What's the threat level?).
Yes, making security hard is the wrong approach, it does make people circumvent it. No, dumbing it down so they use it, but it doesn't really provide any security anymore is the wrong answer, because it generates a false sense of security, and that is much worse then h
It also leaves smudges (Score:4, Insightful)
Re: (Score:2)
I've always wondered why Android's grid unlock function didn't allow a 'cell' to be hit more than once. ThrottleLock - a lock screen 'app' for Windows Mobile - does allow this.
In addition, you would fail miserably with my pattern, even though it's only three swipes, because although you can't hit a 'cell' more than once, you can certainly swipe over it more than once - but you'd need more than a cursory glance at the light reflecting off of it to figure that one out.
Plus this would only really work well if
Re: (Score:2)
Re: (Score:2)
Directional gestures like drawing lines and circles are a lot harder to figure out based on the smudges. You still only get max 5 attempts before the device self-destructs the decryption keys to its data. So even if you can see the exact smudges from the login perfectly, you're still unlikely to guess right with both order and direction.
Re: (Score:2)
So you want to break into a tablet that belongs to your boss. He leaves the tablet on the desk but it's always locked. Here is the procedure.
When the boss walks away, clean the tablet and put it back. Wait until he returns and starts using it. Wait until he is distracted by something and walks away again. Look at the smudges. If not enough, wipe and repeat. The unlock pattern will be always there, unlike other random touches.
One way to plug this hole would be by using a numeric PIN and a numeric on-scr
Re: (Score:2)
Re: (Score:2)
Trivial to mitigate. Each time the image is shown, crop it a little differently and show it on a different part of the screen. Maybe even scale it or rotate it. Win8 implements at least a few of these mitigations.
I seem to recall an old standard . . . (Score:5, Insightful)
Hence, RSA tokens + passwords (something you have + something you know)
Smart cards + biometrics (not perfect, but something you have + something you are)
Or even all three, for the truly paraniod (smart card + biometric scan + password)
Even with all three, a sufficiently determined entity with sufficient resources can overcome it. Video recording + physical acquisition of the owned object + physical acquisition of the biometric object (hope it's just a fingerprint scan and not a retinal scan!) will get an intruder past the security trifecta.
What next, DNA + mind scan + a password > 512 bytes?
Re:I seem to recall an old standard . . . (Score:5, Insightful)
It has to scale to the requirement for security.
My slashdot account doesn't need three factor authentication, however I wish my bank would have at least 2 (seriously, I've yet to find any banks in Canada, let alone my province (Nova Scotia) that offer something beyond a password. The hell!).
Re: (Score:2)
mobile TANs are a relative of two-factor authentication, as they employ a secondary channel to transmit the TAN. You could say it's something you know (the password or PIN you needed to set up the transaction) and something you have (the phone that gets the SMS with the TAN), but that's a simplification.
Re: (Score:2)
You can compensate for password only by using randomly generated long passwords and save them with a program like Roboform so you don't have to remember or type them in.
http://www.roboform.com/ [roboform.com]
Re: (Score:2)
That's nice. But even Canada's largest bank only allows passwords 12 characters in length, and you can only use alphanumeric's.
Re: (Score:2)
Nope. Royal bank allows more. I have a 21 character password.
Re: (Score:2)
Last I checked that was only available to corporate customers .. unless they've started rolling it out for everyone (which would be awesome) not much good to me.
Re: (Score:2)
Every time I read something like this, Monkey Island and the escape from the cannibals comes to mind. People secure their door with ever increasingly complicated locks and ignore the fact that the burglar might just come through the wall.
Seriously, I've had more audits where it was easier to just ignore the login procedure and punch a hole into the "wall".
Re: (Score:2)
"Oprah, Barbara Walters, your wife. You gotta fuck one, marry one, kill one, go!"
Hence...
Fixed that for 'ya.
Windows 8 security sucks, but... (Score:5, Funny)
Re: (Score:2)
It can be blocked using Group Policy, yes.
(Seriously, does anybody bother to do even a little research before commenting? This was announced months ago!!)
How many memorable ways can one gesture a photo? (Score:5, Funny)
So QUERTY becomes "Head, Shoulders, Knees and Toes". I'm guessing in many cases that the picture itself would suggest how it was to be interacted with.
Re:How many memorable ways can one gesture a photo (Score:5, Funny)
Re: (Score:3)
Re: (Score:2)
Because I get aoeu when I type ASDF.
Re: (Score:3, Interesting)
How the hell do you typo QWERTY?
Good question and thank you kind AC for pointing it out. I guess it happened because my fingers don't willingly type misspelled words and I type 'query' about a million times more often than I type qwerty.
Re: (Score:2)
How the hell do you typo QWERTY?
ASDFG
Re: (Score:3)
That could work if you had pictures with multiple objects. Something like cat-ball-car ... But you would need some crowd sourcing to generate the data. Or use something like Settlers of Cattan pieces, or Magic the Gathering cards. Click 3 roads or 5 mana symbols.
Bonus points if you built a modular system.. So people can make their own image packs... Allowing for more "inside jokes".
Only reliable for hackers, not users? (Score:3)
Has he even tried this? I can't reliably login using the picture password setting, and I'm the one that set up the "password". I'm not convinced a video recording would suffice. I could, just as easily, video record your keyboard from a distance, but that's not going to net you my password very reliably either. Not unless you're a chicken pecker.
Joseph Elwell.
What really makes that method bad (Score:4, Informative)
You remember the passwords of the old days that your users had? That were the names of their loved ones, their birthday or the ever popular "test", "password" and "12345"?
Guess what, they'll get a revival. For the same damn reason: People have no idea about security and they don't give a fuck about it. They prefer easy to remember passwords to secure ones. Just that with picture passwords, unlike standard typed ones, it's kinda hard to implement password security standards.
Why it's more insecure than typed passwords? Well, take your average photo. Now imagine what 4 points a person might be touching in it. Can you spot more than 6 "sensible" spots? People will choose points in the picture that stand out, and there won't be many more than 4-6 points that stand out. Unless some kind of 3-strikes-rule gets implemented (not bloody likely on a private computer, or even corporate computers after helpdesk had to reset the password for the n-th time because people failed to hit the right spot on their picture), it just takes rather few attempts at "connect-the-dots" before you find one that fits.
Re: (Score:2)
It's for devices with hardware security to enforce a ~5 attempt max and self-destruct the encryption keys. So any phone/tablet pretty much fits the bill. It's not intended for traditional desktop machines. Here's my current background image: http://i.imgur.com/eJqQF.jpg [imgur.com]. I'm pretty sure I can spot more than 6 points of interest.
Re: (Score:2)
I'm pretty sure I can spot more than 6 points of interest.
Yes, if the picture is shown on a 22" LCD.
However have you seen the iPhone 4S lately? Its screen is so small, compared to your finger, that it's hard to have more than a few unique points that stand out and don't interfere with each other. In your picture, for example, one group of red flowers would be one point, and another group - another point. The tree top could be recruited as yet another point, and that's about all. Other points, even thou
It's Worked Before! (Score:2)
Am I the only one that has seen the film adaptation of Johnny Mnemonic? Only government-sponsored dolphins will be able to crack into Windows 8 with this enabled!
The same RSA token that was hacked this year? (Score:3)
To be fair he *is* an expert in poor security.
Children & dorms (Score:2)
hmm (Score:3, Insightful)
Well, shows what I know... (Score:2)
And here I thought the major problem would be "I'll feel stupid using it." ;)
Yeah -- already described in this paper (Score:2)
http://cs.dartmouth.edu/~averyyen/CCP/project.pdf [dartmouth.edu]
But seriously, wouldn't anyone actually coding this system up for production use quickly realize that some points in a picture are going to be chosen more often than others?
Tactile Engineering (Score:2)
And that photo of Felicia Day the Slashdotter was using as his security picture? Eleven out of ten security specialists guessed two points on the touch screen in less than a second.
Here is how you make it more secure (Score:4, Interesting)
All of these would help secure picture passwords and protect against snoopers.
Re:Another problem (Score:5, Informative)
Re:Another problem (Score:4, Informative)
Re:Another problem (Score:5, Insightful)
- What are you doing with this knife?! Aaaaaaaargh...
- You sick fuck! And what makes you so sure I use right index finger anyway? No, wait, this was just a joke!
- Omg, he has an axe too
- Well, I can't use fingerprint scanner anymore so I will get a laptop with iris scanner. What could go wrong?
Re: (Score:2)
Then you can use the actual password on the on-screen keyboard.
And if they use the on-screen password to mistype the actual password intentionally, enough times to get the unit to lock out / self-destruct, as their form of deviousness ?
The problem with entering an actual password using an on-screen keyboard, is that this is easily videotaped. And therefore insecure.... oh wait...
Re: (Score:2)
Those are two different problems. Typically a brute force attack would be carried out against the password hash. So you get access to the hard disk and you want to figure out some guy's domain credentials. That's the 8+ digit password that's slow to brute force. The comparison here is against 4 to 6 digit pins you find on most tablets, eg ipad. The hardware holds the encryption keys and only allows a few attempts before permanently destroying the decryption key. That effectively erases the device. So in cas
Re:Unlike any other authentication... (Score:4, Insightful)
The interesting thing to me is that on a photo there would be obvious "points of interest". If you had a picture of a few friends, you would likely use their faces as touch points. If you had a picture of a hillside with some houses, those would likely be the points that get touched. Don't get me wrong, I like the idea of this rather novel password concept, but I think that in terms of security (at least for the most part) that any photo would have obvious points that narrow down the possibilities.
Re: (Score:3, Funny)
Re: (Score:2)
Anybody who really wants in us going to find other ways. If the device is stolen, they're most likely to want to wipe it and pawn it. If somebody is after information, they wont mess around and take it to somebody with skills.
That said, I still like KittenAuth. You could link to cheezburger and have an grid of constantly changing pictures. Then pick Kitten-puppy-turtle... Still easy to snoop with video, but again, anybody going to that trouble has done their homework.
Re: (Score:2)
What makes me worry about Win8 is them pressing hard to merge Win8 with their next console OS. I sincerely hope this will not be pulled through. It's already bad enough that you need a Windows Live account for more and more games you try to play on your PC, but pretty much being forced to have one gets kinda ridiculous.
And I fully expect that to happen. I just got a Windows OS based cellphone at work (not my choice, mind you...). No Zune account, no system update. Think it will be different with Win8?
Re: (Score:2)
Yup. But way harder to guess.
Lame - most people click on same things (Score:2)
Lame - most people click on same things; years ago somebody did this on a website along with stats on the clicks and you could easily see that people picked the same stuff just like they do with passwords... except passwords are far more flexible than a few x/y coordinates.. sure you could save a ton of them trying to make a simple signature which would help greatly but it wouldn't be any greater than a signature, which is something that doesn't compare to a decent password.
I'm sure we will hear of people h
Re: (Score:3)
The "things" that matter the most to me, my most valuable "things", are protected by a flimsy wooden door with easily breakable hinges and easily pickable locks - my wife and kids. I would think if you apply your logic, then unless your wife and kids were locked up in a vault in, say, fort knox, you would consider it unsecure?
My point being that it's a risk/reward thing. If you have something on your tablet that needs 3 factor authentication, you would have 3 factor authentication. But not everything needs
Re: (Score:2)