Graffiti Passwords Secure And Memorable
Memorable passwords can be an easy target for hacking applications. The Draw a Secret password system enables the user to draw their password much like a signature or graffiti tag.
Humans have a limited capacity to remember those insignificant streams of letters and digits often used as passwords; as a result, many people choose or change their passwords so they are easier to remember.
Memorable passwords, however, are easily cracked by dictionary attacks or logical guesses. Passwords based on birth dates, family members or place names are an easy target for most hacking software, and the time it takes these programs to ‘guess’ your password decreases considerably if it is simple and unsecured.
Draw a Secret Password
A recent meeting of the Computer and Communications Security interest group of the Association for Computing Machinery saw an improved description of a password security system called ‘Draw a Secret’.
This system is based on the fact that humans excel at image recognition and memory; for this reason, passwords should be designed to leverage this ability. The Draw a Secret password method incorporates a touch screen and stylus for the user to sign freeform shapes as their password. This can be anything from pictures to graffiti style tags.
The primary limitation of the original DAS system is the user’s ability to accurately redraw a complex shape from memory. Even simple images are difficult for the user to exactly recreate.
The people behind the new system have managed to refine the technique by parsing the shapes with a flexible grid that helps the DAS system more accurately recognize key features such as changes in the stroke’s direction. They have also found that providing a background image to draw on helps improve our ability to accurately redo a freehand drawing, as features of the drawing can be made to fit within the confines of the image.
The revised version of DAS, which the authors termed Background Draw a Secret, seems to work. In tests, users created BDAS passwords that contained an extra 10 bits of extractable data compared to those who did not use a background image. A week later, 95 percent of the subjects were able to recall their password drawings within three attempts.
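As an added illustration (not code from the DAS or BDAS authors), the sketch below shows one way a grid can turn a freehand drawing into a comparable secret: each stroke is reduced to the ordered list of grid cells it passes through, and only a salted hash of that list is stored. The 5x5 grid, 500-pixel canvas, pen-up marker, PBKDF2 parameters and sample strokes are all assumptions constructed for this example.

```python
import hashlib
import hmac

GRID = 5           # assumption: 5x5 grid
CANVAS = 500       # assumption: square canvas, 500 px per side
PEN_UP = (-1, -1)  # marker appended when the stylus leaves the screen

def cell_of(point):
    """Return the (column, row) grid cell containing a sampled (x, y) point."""
    size = CANVAS / GRID
    x, y = point
    return (min(int(x // size), GRID - 1), min(int(y // size), GRID - 1))

def encode(strokes):
    """Reduce a drawing to the ordered cells each stroke visits.
    Assumes samples are dense enough that no cell is skipped between them."""
    seq = []
    for stroke in strokes:
        for point in stroke:
            cell = cell_of(point)
            if not seq or seq[-1] != cell:
                seq.append(cell)
        seq.append(PEN_UP)
    return seq

def verifier(strokes, salt):
    """Only a slow salted hash of the cell sequence is stored, so matching is exact."""
    data = repr(encode(strokes)).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def check(stored, salt, attempt):
    """Constant-time comparison of the stored verifier with a login attempt."""
    return hmac.compare_digest(stored, verifier(attempt, salt))

# Constructed sample drawings: one L-shaped stroke, redrawn twice.
ENROLLED = [[(50, 50), (50, 150), (50, 250), (150, 250), (250, 250)]]
WOBBLY = [[(70, 30), (60, 120), (40, 180), (55, 260), (130, 240), (210, 270), (280, 230)]]
DRIFTED = [[(90, 50), (105, 150), (95, 250), (150, 250), (250, 250)]]

SALT = b"constructed-salt"  # fixed here for repeatability; use os.urandom in practice
STORED = verifier(ENROLLED, SALT)

if __name__ == "__main__":
    print(encode(ENROLLED))
    print("wobbly redraw accepted:", check(STORED, SALT, WOBBLY))
    print("drifted redraw accepted:", check(STORED, SALT, DRIFTED))
```

The wobbly redraw stays inside the same cells and is accepted; the drifted one crosses a grid line by a few pixels and is rejected, which is the recall problem the flexible grid and background image aim to reduce.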
At the moment the system is limited to touch screen devices, which is good news for many cell phones and pocket PCs, but it may take a long time before we see the DAS adapted for ATM and chip and pin type passwords.