
07-27-2003, 01:00 AM
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Picturing Painless Passwords
"How many passwords or numerical combinations do you need to remember on a given day? You probably have one for each gadget or service you come into contact with: one to withdraw cash from the ATM, another to check your answering machine when away from home. You have one for your cellphone, another for your work voice mail, a different one for your gym locker, and access to your bank account. The list goes on and on, and it's downright overwhelming.
During a very unscientific survey on the streets of San Francisco, people said they have, on average, seven passwords and PINs -- some of which they frequently forget. But one company thinks it has an innovative solution to this ever-difficult game of memory. And if it catches on, pictures -- not numbers and obscure codes -- could be your pass to your private, personal information."
Pointsec, which specializes in mobile device security, has developed an image-based password solution that works on, amongst other platforms, Pocket PCs. I'm glad to see this as well as biometric security being worked on -- I have to use eWallet to memorize all my passwords, but that's still a huge hassle -- if they can develop a solution that makes it easier to memorize, I'll be all over it.

07-27-2003, 01:59 AM
|
5000+ Posts? I Should OWN This Site!
Join Date: Aug 2006
Posts: 5,616
|
|
This strikes me as being not very secure.
10 pictures * 10 possible locations * [something I forgot] * [something else I forgot] gives you 10,000 possible passwords. However, a simple three-letter non-case-sensitive password with no numbers or punctuation or alt-characters produces 17,576 possibilities. With just three letters!
__________________
iPhone 4! ☠☠☠ Mid-2010 15" MacBook Pro! ☠☠☠ Gateway LT2102h! ☠☠☠ Dell XPS M1210!

07-27-2003, 03:05 AM
|
Editor Emeritus
Join Date: Sep 2006
Posts: 3,060
|
|
Quote:
Originally Posted by ctmagnus
10 pictures * 10 possible locations * [something I forgot] * [something else I forgot] gives you 10,000 possible passwords.
|
Here's how my math comes out...
Using three of twenty-six alphabetic characters as a code yields 17,550 permutations. Using only three numerical characters offers 720.
Ten icons, taken ten at a time yields 3,628,800 possible permutations. Add to that the fact that the icons are rearranged and the number of possibilities is even higher (sorry, not sure how to calculate that).

07-27-2003, 03:11 AM
|
Pontificator
Join Date: Jul 2003
Posts: 1,264
|
|
The fact that they rearrange the icons does not change the number of permutations. You still have 10 things to choose from; whether they are pictures or numbers does not really matter. The examples they use have 4 choices. So 10 x 10 x 10 x 10 = 10,000. This does not add any security, it is only a mnemonic (sp?) device.

07-27-2003, 03:32 AM
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
Originally Posted by Goldkey
The fact that they rearrange the icons does not change the number of permutations.
|
No, but it changes the number of *patterns*, which makes looking over someone's shoulder worthless unless you can see the icons very clearly. It is pattern based.

07-27-2003, 03:37 AM
|
Pontificator
Join Date: Jul 2003
Posts: 1,264
|
|
It is just like taking a 10-digit keypad and rearranging the keys every time. You are absolutely right, in that it may help with shoulder surfing. But I would not really call it pattern based. They are just replacing the numbers with pictures. Kind of like McDonald's does on their cash registers.
This is more of a pattern-based solution which I think would be ideal on a PPC. Basically, you draw a picture and that is your password. Probably works along the lines of handwriting recognition.
This link is one level deep in the site and has an example of use on a PDA.

07-27-2003, 03:42 AM
|
Editor Emeritus
Join Date: Sep 2006
Posts: 3,060
|
|
Quote:
Originally Posted by Goldkey
...in that it may help with shoulder surfing...
|
Right. That's what I was trying to find the right words to say. It doesn't change the number of possible "PINs," but makes it harder to guess the sequence.

07-27-2003, 03:43 AM
|
Pontificator
Join Date: Jul 2003
Posts: 1,264
|
|
Only harder to guess via shoulder surfing. If you just found the device and had to try and guess the password, it would be the same as trying to guess a numeric.

07-27-2003, 03:46 AM
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
Originally Posted by Goldkey
Only harder to guess via shoulder surfing. If you just found the device and had to try and guess the password, it would be the same as trying to guess a numeric.
|
It would be harder for a person to guess. If you have 10 images and you are trying to do them in order and in an increasing sequence, having them move all of the time means you have to memorize previous patterns, so in a non-moving 10 keypad pattern, you have one less possibility with each try.
When it moves though, you essentially have to guess from the whole pot again, unless you have a photographic memory.

07-27-2003, 03:52 AM
|
Pontificator
Join Date: Jul 2003
Posts: 1,264
|
|
Maybe I am missing something. There are 10 images -- an envelope, a plane, a laptop computer, a woman, flowers, a heart, a duck, a dog, the sun, and a man. I want to try and brute force it (forget the fact that it locks after three invalid attempts). First try envelope envelope envelope envelope (they then rearrange) try envelope envelope envelope plane (they then rearrange) try envelope envelope envelope laptop.....(9997 more combinations)......... Their position on the screen is irrelevant.
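
Added example, not part of any post in this thread and not Pointsec's code: a small Python model of the two threat cases argued above, a blind guesser enumerating icon names versus a shoulder surfer who saw only which screen positions were tapped. It assumes the ten icons and four picks named in the thread; the function names and the sample code are made up for the illustration.

```python
import itertools
import random

# The ten images and the 4-pick code length are taken from the thread.
ICONS = ["envelope", "plane", "laptop", "woman", "flowers",
         "heart", "duck", "dog", "sun", "man"]
PIN_LENGTH = 4

def shuffled_layout(rng):
    """Fresh screen layout: list index is the screen position."""
    layout = ICONS[:]
    rng.shuffle(layout)
    return layout

def guesses_by_identity(secret, seed=0):
    """Count tries needed when guessing by icon name while the screen reshuffles."""
    rng = random.Random(seed)
    for tries, guess in enumerate(itertools.product(ICONS, repeat=PIN_LENGTH), 1):
        shuffled_layout(rng)          # rearranged every try; the guess never looks at it
        if guess == tuple(secret):
            return tries
    raise ValueError("secret uses an icon that is not on the screen")

def replay_success_rate(secret, reshuffle, trials=2000, seed=1):
    """Observer recorded tapped screen positions only, then replays them."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        layout = shuffled_layout(rng)
        tapped = [layout.index(icon) for icon in secret]
        if reshuffle:
            layout = shuffled_layout(rng)
        hits += [layout[p] for p in tapped] == list(secret)
    return hits / trials

def lockout_success_probability(attempts=3):
    """Chance a blind guesser gets in before the lockout mentioned in the thread."""
    return attempts / len(ICONS) ** PIN_LENGTH

if __name__ == "__main__":
    code = ("duck", "sun", "plane", "heart")   # constructed sample code
    print("keyspace:", len(ICONS) ** PIN_LENGTH)
    print("worst case tries:", guesses_by_identity(("man",) * 4))
    print("replay, fixed layout:", replay_success_rate(code, reshuffle=False))
    print("replay, reshuffled:", replay_success_rate(code, reshuffle=True))
    print("3-try lockout odds:", lockout_success_probability())
```

The reshuffle leaves the worst case at 10,000 tries but turns a replay of observed positions from a sure thing into a near miss; the attempt lockout, not the shuffle, is what limits the blind guesser.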