Emerging Tech

Visual-based passwords technique improves

At the Computer and Communications Security interest group of the Association for Computing Machinery (ACM) meeting this weekend, a technique to accurately decipher image passwords drawn by users was demonstrated.

An excerpt from Ars Technica:

The revised version of DAS, which the authors termed Background Draw a Secret, seems to work. In tests, users created BDAS passwords that contained an extra 10 bits of extractable data compared to those who did not use a background image. A week later, 95 percent of the subjects were able to recall their password drawings within three attempts.

Using images for passwords has always presented several challenges owing to the inability of users to accurately re-draw an image from memory. The new technique provides a background image to help users recall and then re-draw an image from memory (Bit-tech). This relies on the concept of associative memory.

While the technology will initially be targeted at touch-sensitive devices, do you feel that it's high time that character-based passwords were overhauled?

3 comments
Nodisalsi

Image recognition is so natural to the human brain that an observer looking over the shoulder will probably only need to see a subliminal flash of the PW image to remember what was entered! So I fail to be convinced by this. It seems like too much fuss to compensate for the failure by some end-users to remember a password they selected, especially when Signature recognition and biometrics can be used now.

Nodisalsi

http://www.ovum.com/news/euronews.asp?id=6300 I quote: "It replaces passwords, PINs and fingerprints by asking the user to choose and remember a unique pattern... this could be a selection of squares within a grid. Each time the user is required to authenticate, they would be presented with the grid in which each square was labelled. Crucially more than one square would share each label. The labels would be different every time. The user would enter the labels of the squares in their chosen pattern. However as each of these labels does not identify a unique square it is impossible to reconstruct the pattern from this reply (except if a large number of interactions were monitored). Thus the secret pattern would remain secret, even if the machine was compromised by spyware or the user was being watched as they entered their PIN." I would like to see a demonstration of this method.
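
The grid scheme quoted in the comment above, sketched as an added example (not code from the article, the commenter or the vendor): it issues a fresh labelling per login, checks the typed labels, and measures how many monitored logins leave only one pattern consistent with what was seen. The 25-square grid, the five-letter label set, the four-square ordered pattern and all function names are assumptions; the quote gives no parameters.

```python
import random

GRID = 25          # assumed grid size (5x5); the quote gives no dimensions
LABELS = "ABCDE"   # assumed label set; each label is shared by 5 squares

def new_challenge(rng):
    """Fresh labelling for one login; labels[i] is the label shown on square i."""
    labels = list(LABELS) * (GRID // len(LABELS))
    rng.shuffle(labels)
    return labels

def respond(pattern, challenge):
    """What the user types: the labels currently on their secret squares, in order."""
    return [challenge[sq] for sq in pattern]

def verify(pattern, challenge, response):
    """Server-side check of a response against the stored pattern."""
    return response == respond(pattern, challenge)

def consistent_squares(challenge, response):
    """Per pattern position, the squares one observed login cannot rule out."""
    return [{sq for sq in range(GRID) if challenge[sq] == lab} for lab in response]

def sessions_until_exposed(pattern, rng, limit=100):
    """Count monitored logins until only the true pattern stays consistent."""
    candidates = [set(range(GRID)) for _ in pattern]
    for n in range(1, limit + 1):
        ch = new_challenge(rng)
        seen = consistent_squares(ch, respond(pattern, ch))
        # A square survives only if it carried the typed label in every login so far.
        candidates = [c & s for c, s in zip(candidates, seen)]
        if all(len(c) == 1 for c in candidates):
            return n
    return None

if __name__ == "__main__":
    rng = random.Random(2024)   # fixed seed so the run is repeatable
    pattern = [3, 9, 17, 21]    # constructed sample secret, not from the page
    ch = new_challenge(rng)
    resp = respond(pattern, ch)
    print("accepted:", verify(pattern, ch, resp))
    print("squares left per position after one login:",
          [len(s) for s in consistent_squares(ch, resp)])
    runs = sorted(sessions_until_exposed(pattern, rng) for _ in range(1000))
    print("median monitored logins until the pattern is unique:", runs[500])
```

Changing `GRID` and `LABELS` shows how the ratio of squares to labels trades typing ambiguity against resistance to repeated observation.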

pr.arun

While the technology will initially be targeted on touch sensitive devices, do you feel that it's high time that character based passwords were overhauled?
