Paul Wilders
March 23rd, 2002, 07:12 AM
-{ Quote: "Images could be safer from digital attackers, but would still leave users open to 'shoulder surfing'
Researchers at Microsoft are working on new types of passwords that will be easier for people to remember but harder for hackers to crack.
The key: images, which tend to make more of an impression on people than strings of text characters.
Darko Kirovski, a cryptography and anti-piracy researcher at Microsoft, demonstrated a prototype password system at Microsoft offices in Mountain View, California, on Wednesday.
On a screen full of images of different country flags, he clicked on a number of points within the images that correspond to specific pixels. The series of pixels is then converted into a random number and stored in the computer, he said.
Users simply remember exactly where on the images they clicked and in what order. "I don't think you can create a password that is easily memorisable that is 20 characters long," Kirovski said.
Because of their mnemonic limitations, people often choose names and simple words and phrases for their passwords. But those can be cracked within minutes with so-called "dictionary attacks", software that is easily downloaded off the Internet that systematically guesses words until it finds those used in passwords.
People could use any image, the more complex the better, or even video, according to Kirovski. The images would have to be doctored to work with software that could convert pixels to numbers and encrypt them.
Even with such a system, people would still be susceptible to "shoulder surfing", in which someone watches a computer user type in their password.
Such image-based password research is not new, according to Bruce Schneier, a cryptographer, author of several security books and chief technology officer of Counterpane Internet Security monitoring firm. "It's something that the security community has been working on for over a decade," he said. "The basic idea is that the brain can remember faces better than it can remember letters and numbers."
In general, it might be more secure, he said, "because people choose such lousy passwords."" }-
source: http://news.zdnet.co.uk/
Researchers at Microsoft are working on new types of passwords that will be easier for people to remember but harder for hackers to crack.
The key: images, which tend to make more of an impression on people than strings of text characters.
Darko Kirovski, a cryptography and anti-piracy researcher at Microsoft, demonstrated a prototype password system at Microsoft offices in Mountain View, California, on Wednesday.
On a screen full of images of different country flags, he clicked on a number of points within the images that correspond to specific pixels. The series of pixels is then converted into a random number and stored in the computer, he said.
Users simply remember exactly where on the images they clicked and in what order. "I don't think you can create a password that is easily memorisable that is 20 characters long," Kirovski said.
Because of their mnemonic limitations, people often choose names and simple words and phrases for their passwords. But those can be cracked within minutes with so-called "dictionary attacks", software that is easily downloaded off the Internet that systematically guesses words until it finds those used in passwords.
People could use any image, the more complex the better, or even video, according to Kirovski. The images would have to be doctored to work with software that could convert pixels to numbers and encrypt them.
Even with such a system, people would still be susceptible to "shoulder surfing", in which someone watches a computer user type in their password.
Such image-based password research is not new, according to Bruce Schneier, a cryptographer, author of several security books and chief technology officer of Counterpane Internet Security monitoring firm. "It's something that the security community has been working on for over a decade," he said. "The basic idea is that the brain can remember faces better than it can remember letters and numbers."
In general, it might be more secure, he said, "because people choose such lousy passwords."" }-
source: http://news.zdnet.co.uk/