At this weekend's meeting of the Computer and Communications Security interest group of the Association for Computing Machinery (ACM), a technique to accurately decipher image passwords drawn by users was demonstrated.
The revised version of DAS (Draw a Secret), which the authors termed Background Draw a Secret (BDAS), seems to work. In tests, users created BDAS passwords that contained an extra 10 bits of extractable data compared to those created without a background image. A week later, 95 percent of the subjects were able to recall their password drawings within three attempts.
Using images for passwords has always presented several challenges owing to the inability of users to accurately re-draw an image from memory. The new technique provides a background image to help users recall and then re-draw an image from memory (Bit-tech). This relies on the concept of associative memory.
While the technology will initially be targeted at touch-sensitive devices, do you feel that it's high time that character-based passwords were overhauled?