Pictures As Passwords
from the tell-a-story-with-your-password dept
The idea of using picture images as passwords is not new. It’s been talked about for years and even Microsoft is experimenting with the idea. In the past, I’ve trashed the idea, thinking that it would actually be more difficult for some people to remember. One company that makes image-password technology argues that this isn’t true. Their system is a little different than some of the others I’ve read about. They basically show a bunch of different images, and you need to select each one in your password in the proper sequence. They say people find it easy to remember, because they make up a story to go along with the sequence. Of course, wouldn’t that also make it easier for anyone spying on you to remember your password as well? I’m not sure how this is any more secure.
Comments on “Pictures As Passwords”
I hope they don't have a patent
Or that it came about before that horrid movie Johnny Mnemonic, because that’s what was used as a password for his cranial storage.
Any password that involves you moving a cursor around on a screen is easily surpassable by anybody within visual range, and that includes via security camera.
Maybe if they put the pictures in a 3×3 grid that corresponded to the 1-9 keys on the keypad, but even at that it’s still easily ‘readable’ by anyone who cares enough to try. People can read your PIN numbers at ATM machines from 10+ feet away, so this shouldn’t be any more difficult.
This is one of those things that sounds good, looks pretty, but is fairly useless. At least in my humble opinion…
Re: I hope they don't have a patent
There’s an adault website out there who does this (pick your favorite 2 girls). They say it cuts down on password sharing and cracking attempts
Re: I hope they don't have a patent
>People can read your PIN numbers at ATM machines from 10+ feet away, so this shouldn’t be any more difficult.
When an observer watches someone enter a pin at an ATM, they have an advantage in that they already know the alphabet used (ie digits 0-9), however, even with this, it is most frequent for the pattern to be remembered, even the users themselves tend to do this. With passfaces (www.passface.com), the position is randomised, and relied on the cognitive abitlities of the user. Also, many systems, such as passface, only show one photo at a time (with 8 others), as soon as an image is selected, the next group appears, giving the observer much less time to memorize the token (ie face). (passface also has the added advantage of eliminating dictionary attacks, combinational attacks would have to be used, which require exponentially more time, increasing the chance of being exposed)
No Subject Given
I guess, the idea is that you create the sequence in your own context. So, someone else wouldn’t be able to guess. For exampe, you can make up a story: “I go to store”, but for you it will be totally different sequence than for others. However, you do need huge library of images + it can’t be used in all cases. Also, this assumes that abuser who tries to guess your password, doesn’t know you personally. I would guess, web site is good place to use them, but not as a login to your payroll system.
password incorrect:
Three random pictures with waldo hidden somewhere in each one.
Password images
check out http://www.passface.com
i ‘registered’ my passface (read password)
about 18 months ago
just tried to login and guess what i did!
ie: i remembered my 5 passfaces easily!
now no password is that easy to ‘remember’
read the science.