BT Catches Undeserved Flack Re: Hotspot In A Box
Plaxo To Launch Address Software To Annoy Us All

Pictures As Passwords

(Mis)Uses of Technology

from the tell-a-story-with-your-password dept

Wed, May 21st 2003 10:46amMike Masnick
The idea of using picture images as passwords is not new. It's been talked about for years and even Microsoft is experimenting with the idea. In the past, I've trashed the idea, thinking that it would actually be more difficult for some people to remember. One company that makes image-password technology argues that this isn't true. Their system is a little different than some of the others I've read about. They basically show a bunch of different images, and you need to select each one in your password in the proper sequence. They say people find it easy to remember, because they make up a story to go along with the sequence. Of course, wouldn't that also make it easier for anyone spying on you to remember your password as well? I'm not sure how this is any more secure.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

6 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Oliver Wendell Jones, 21 May 2003 @ 11:20am

    I hope they don't have a patent

    Or that it came about before that horrid movie Johnny Mnemonic, because that's what was used as a password for his cranial storage.
    Any password that involves you moving a cursor around on a screen is easily surpassable by anybody within visual range, and that includes via security camera.
    Maybe if they put the pictures in a 3x3 grid that corresponded to the 1-9 keys on the keypad, but even at that it's still easily 'readable' by anyone who cares enough to try. People can read your PIN numbers at ATM machines from 10+ feet away, so this shouldn't be any more difficult.
    This is one of those things that sounds good, looks pretty, but is fairly useless. At least in my humble opinion...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 May 2003 @ 12:13pm

      Re: I hope they don't have a patent

      There's an adault website out there who does this (pick your favorite 2 girls). They say it cuts down on password sharing and cracking attempts

      link to this | view in chronology ]

    • identicon
      Scott Porter, 29 Oct 2003 @ 3:20am

      Re: I hope they don't have a patent

      >People can read your PIN numbers at ATM machines from 10+ feet away, so this shouldn't be any more difficult. When an observer watches someone enter a pin at an ATM, they have an advantage in that they already know the alphabet used (ie digits 0-9), however, even with this, it is most frequent for the pattern to be remembered, even the users themselves tend to do this. With passfaces (www.passface.com), the position is randomised, and relied on the cognitive abitlities of the user. Also, many systems, such as passface, only show one photo at a time (with 8 others), as soon as an image is selected, the next group appears, giving the observer much less time to memorize the token (ie face). (passface also has the added advantage of eliminating dictionary attacks, combinational attacks would have to be used, which require exponentially more time, increasing the chance of being exposed)

      link to this | view in chronology ]

  • identicon
    Jim Tsoj, 21 May 2003 @ 1:32pm

    No Subject Given

    I guess, the idea is that you create the sequence in your own context. So, someone else wouldn't be able to guess. For exampe, you can make up a story: "I go to store", but for you it will be totally different sequence than for others. However, you do need huge library of images + it can't be used in all cases. Also, this assumes that abuser who tries to guess your password, doesn't know you personally. I would guess, web site is good place to use them, but not as a login to your payroll system.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 May 2003 @ 6:54pm

    password incorrect:

    Three random pictures with waldo hidden somewhere in each one.

    link to this | view in chronology ]

  • identicon
    Simon Grice, 10 Sep 2003 @ 12:58am

    Password images

    check out www.passface.com
    i 'registered' my passface (read password)
    about 18 months ago
    just tried to login and guess what i did!
    ie: i remembered my 5 passfaces easily!

    now no password is that easy to 'remember'

    read the science.

    link to this | view in chronology ]


BT Catches Undeserved Flack Re: Hotspot In A Box
Plaxo To Launch Address Software To Annoy Us All
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.