March 26th, 2002, 08:16 AM
Microsoft's new "security" idea
Microsoft is working on a new password scheme, based on images:
The Register: Picture this: image-based passwords
Now ... would this really offer more secure passwords, or would people still write down the combination on a yellow Post-It stuck on their monitor?
"To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule
March 26th, 2002, 09:23 AM
Hmm, interesting, but I'd still rather have a 17-char mixed case with numbers & symbols text password, than clicking 4 or 5 images.
March 26th, 2002, 09:50 AM
I would much rather type my password than click "Tux" (twice) "O'reilly Linux book" (once) "Pam Anderson" (once) "Tom Green" (once) "Bill Gates" (once) -
Also where are these pictures located, and how many other pictures are mixed in with them?
I agree that pictures are much easier to remember than ttp45pwd500 or whatever.
MS is probably suggesting this new scheme of security, because they are targetting consumers are barely computer literate.
March 26th, 2002, 10:22 AM
I could actually remember a text password easier than a picture sequence, since I download hundreds of wallpapers, logos etc. a day, I'd never remember one from the other.
March 26th, 2002, 11:00 AM
it woujld just become habit though think about it would u rember 123jhf432 of by heart if u didnt use it everyday i think its a shitty idea but worth a think
March 26th, 2002, 11:12 AM
But if people wanted to break into it, it would still be possible. I mean you can create scripts that would pick one user ID and then just run until they got the right combination of pictures clicked. I don't see how it could be more secure then a very good text-based password, such as 'du3Pg90dZs6a' or something. I understand that 'du3Pg90dZs6a' might be hard to remember, but when you enter it all the time, it would become second nature.
Mind you, I haven't seen this new security idea 'in action', so it could be more advanced, but that's what I gathered from reading that link.
\"Do you know what people are most afraid of?
What they don\'t understand.
When we don\'t understand, we turn to our assumptions.\"
-- William Forrester
March 26th, 2002, 01:10 PM
I don't think the issue is wether these picture thingies are more secure, but rather that they are easier to remember so that people might stop using passwords like "Emma" or "tomgreen".
\"The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.\"
- Edsger Dijkstra
March 26th, 2002, 03:25 PM
I don't think this password scheme will be taken to seriously over the next few years. Brute forcing will still be possible, and this is just an 'easier' way of punching in a password. Whoever is familiar with BF'ing, then you should know that
Will take about forever to get with just one PC, while on the other hand, clicking an image one or two times in sequence isn't so hard. Only if the number of clicks increases, but obviously few people will select one picture and one click.
This is just a lazy-people's way of entering a secure website. I only hope that this isn't something like:
- Click number one on 56k
- Wait for page to refresh
- Click number two
- wait for page to refresh
...This Space For Rent.
March 26th, 2002, 03:28 PM
Something about this idea doesn't sit right with me... Are these picts stored on a website or in a locally based program? Is the passowrd the location clicked, and the picts are just a cute way to indicate position? This sounds like a keypad with pictures instead of alpha-numerics....but I could be totally off on this one...
- Jimmy Mac
Replicants are like any technology, if there not a hazard, its not my problem....
March 26th, 2002, 03:49 PM
I can't see this catching on.
Its not software piracy. Iím just making multiple off site backups.