138 Comments
- spling, on 10/12/2007, -0/+21
"Hey Jim, what's your password?"
"Uhh.. O in HOTEL, middle of the clock, center light on bus, lady's face, second road stripe from the bottom"
- magiluke, on 10/12/2007, -0/+7
That's really neat. The only thing is that the first time I tried it, I couldn't remember my fifth point. I can imagine potential problems with certain pictures; most people would be inclined to click at certain points. Someone trying to break your "password" could probably guess at all the spots most people would click on. In the example, I found myself clicking on obvious corners, and on the lights of the trolley. I guess just like real passwords, most people would just end up choosing the obvious.
- inactive, on 10/12/2007, -0/+6
How about being able to upload your OWN photo to put the points on. That way u don't have to worry about different pics for different sites
- kire, on 10/12/2007, -0/+4
Ok the overlay is done: http://labs.mininova.org/passclicks/overlay.html
- kire, on 10/12/2007, -0/+2
Cool, never thought this would make the digg frontpage. Didn't even bother to submit it.
I know that there are some points which most people will use. I tried to find a better image with more interesting points but couldn't find a better one.
@merreborn, blake_ivey: I am now collecting the data for the most-clicked-points overlay. Will create it tomorrow when I have some more time.
- TheQwe, on 10/12/2007, -1/+3
two problems: 1) time to login- even for one who is moderately skilled at typing, text password entry is *much* much faster, and 2) accessibility. There is little or no way a blind person could successfully use this system.
- eggo, on 10/12/2007, -0/+1
Someone:
"In an interesting twist, I believe that this example demonstrates the flawed nature of human generated passwords. Contextual pattern matching for easy memory recall isn't confined to letters and numbers, but to visually simple patterns as well. I too found myself clicking on the obvious 'points', letters, numbers, lights."
Someone Else:
"How about being able to upload your OWN photo to put the points on. That way u don't have to worry about different pics for different sites"
Even better, have your browser automatically overlay your image on top of the specially designated blank space. That way, you get rid of the issue of always picking the same points, and you don't have to upload the image.
- tom6a, on 10/12/2007, -0/+1
Makes it that much easier to enforce the policy of not telling others your password.
- Mysidia, on 10/12/2007, -0/+1
Just like regular passwords: it doesn't matter that some spots will be highly
clicked, a would-be hacker would have to get your username, and then figure
out which sequence of clicks you used, in the order that you used them.
Provided you have to upload the login image yourself or pick from a large library
of standard images, every user presents a fairly unique challenge for any attacker --- and,
they don't necessarily know which of the many "obvious" click areas is the right one.
Provided users weren't allowed to click essentially the same place all 5 times,
I think there's a lot more security with this than letting a lot of average users
pick text passwords.
Sure, it will be less secure for advanced users.
But for computer novices, it could be a boon. Consider a client-side password
entry form that automatically generates a text-based equivalent of the clicks
based on a hash of a message digest/hash of the image file and a click sequence
code.
The attacker would then not only have to figure out what click positions to use, but
which image to use as well :)
- NiLeS, on 10/12/2007, -0/+1
I used to have this for my Palm. You could add your own pix, so why not a blank screen? Sure, it's asking for problems (Now, is it 33% to the right, or 45% from the top??), but then there's no obvious points.
Except for corners, sides, and the middle. BTTDB
- ab500, on 10/12/2007, -0/+1
Hmm. I have a great idea. Using the 90 or so unique characters on a modern day keyboard we can implement a system where users will be validated by typing in a combination of seemingly random keys, it will be hard to screen hack due to the speed achievable with this system and can be kept secure with my other inventions, a password strength policy and a system that blocks a user after a number of tries to prevent brute forcing.
Seriously. Visual passwords are one of the stupidest things I've seen on digg and is an invention looking for a purpose. Not only does it kill any support for text based browsers (unless you have an alternative password that totally defeats the purpose) but it also kills the simplicity of text passwords and the fact they are damn hard to get by looking over someone's shoulder. Here's a new idea: making a policy that requires users to choose a secure password and then implementing protection against brute forcing it.
- merreborn, on 10/12/2007, -0/+1
This is really vulnerable to one of the oldest password stealing schemes ever:
Shoulder surfing.
Also, many people have mentioned that you tend to want to click several obvious points. Assuming there are 10, given the password length is 5, that'd mean there are about 100,000 common passwords people are likely to choose. A 5 character alphanumeric password, in contrast has over 62 possibilities per char, totalling up to 962 million.
It'd be interesting to see this guy produce an overlay showing the most clicked on spots.
- inactive, on 10/12/2007, -1/+2
7 pixel margin of error?
I could write a script to break any password in several minutes.
- muddie, on 10/12/2007, -0/+1
I'm sure that those that use their last name backward will be the ones that use the 4 corners of a picture and then the center.
As always, your security is only as strong as your weakest link. Probably a pain to administer, but an interesting idea.
- benspicer, on 10/12/2007, -0/+1
keyloggers wouldn't stand a chance, fantastic piece of work +digg
- MOBOB, on 10/12/2007, -0/+1
that's a good idea!
- mckone, on 10/12/2007, -0/+0
Great idea. Might never work, but very clever anyway.
- kjland, on 10/12/2007, -0/+0
I guess I disagree with several of the comments so far, I digg this. While in its current form, it may not be as secure as a 16 digit alpha numeric case sensitive non word password, it has great potential. People are usually attuned to visual cues. I bet if you go back tomorrow and click on the same left knee of blue jeans, inside the P of the blue parking sign, the center of the clock, the white piece on the walking person, and the right light on the yellow bus. A problem with passwords is not remembering the first password, it's having to remember a brand new password after using the old password. This is especially true on systems where the password is not used very often. Oftentimes, people write down their password next to their computer (very secure), or just use a base password, such as "qwert" then add the month "01". Not very secure, either.
- n00854180t, on 10/12/2007, -0/+0
The simple way to implement a more secure version would require the user to click their 5 points in sequence. It's much harder to predict the obvious click areas including their sequence than just to predict the obvious click points themselves.
Another way could be generating an image (with Chaoscope for instance) and then saving the parameters of their attractor into their account, and display them with that particular image each time. Each account would have a different (maybe) image, and they'd have to select their 5 points in sequence.
Lots of ways to improve how good this is. I imagine users could get really fast with it as well.
- jguerry, on 10/12/2007, -0/+0
this is a cool idea, but i consider it very unlikely. how would you use your login id? another picture with another set of 5 pts? i would not like to do this everyday. text passwords are the best. for sites that i don't care about, i choose simple passwords, who cares if someone hacks it? for personal mail and other secure sites, i choose the same password, but it isn't anything of the ordinary. i don't believe anyone would want to be me anyways!
the picture thing was hard for me to remember. i clicked the obvious, the first left tail light, the second further car's tail light, the bus' left head light, the bus' right head light, and the peak of the tower.
thumbprint and retina scanners are the fastest and most ideal security options out there. i hate carrying my credit cards and i hate typing in my passwords when i'm at the atm and i hate logging in. i should be able to scan my thumb and log into everything web-related, and sign out when i click so. at the grocery store i should be able to scan my thumb, and leave with my groceries.
if you don't have thumbs, you suck.
- harlowsmonkeys, on 10/12/2007, -0/+0
"7 pixel margin of error?
I could write a script to break any password in several minutes"
Yes, you could *write* the script in several minutes. It would then take several years to actually *run* the script to break passwords. 5 clicks with 7 pixel margin of error on the sample image they gave is equivalent to a password of about 62 bits.
The first step for hacker wannabes should be to learn how to use the back of the envelope...
- kramer3d, on 10/12/2007, -0/+0
1) how the ***** is this any easier to remember?
2) this makes cracking passwords so much easier and funner
3) waste of time like the dude above me said
- PicklePower, on 10/12/2007, -0/+0
What about having to pick your password points in a certain order? Like, you click the clock first, then that bald man, then the crap on the street. Something like that.
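An added example, not code from any commenter or from the passclicks demo: one way to store a click password as a hash over the image digest and the ordered click sequence, as Mysidia describes above, while still accepting clicks within the 7-pixel margin discussed above. The function names, the record layout and the PBKDF2 iteration count are assumptions.

```python
import hashlib, hmac, math, os

TOL = 7                 # click tolerance in pixels (the margin quoted in the thread)
CELL = 2 * TOL + 1      # each accepted region is a 15x15 px square
ITERATIONS = 200_000    # PBKDF2 work factor (assumed value)

def _split(v):
    """Centered discretization: cell index (hashed) and offset (stored in clear).
    The offset says where inside a cell the click fell, not which cell."""
    return (v - TOL) // CELL, (v - TOL) % CELL

def _derive(image_bytes, cells, salt):
    """Hash the image digest together with the ORDERED cell indices."""
    msg = hashlib.sha256(image_bytes).digest() + repr(cells).encode()
    return hashlib.pbkdf2_hmac("sha256", msg, salt, ITERATIONS)

def enroll(image_bytes, clicks, salt=None):
    """Build the server-side record; raw click coordinates are never stored."""
    salt = salt or os.urandom(16)
    pairs = [(_split(x), _split(y)) for x, y in clicks]
    cells = [(px[0], py[0]) for px, py in pairs]
    offsets = [(px[1], py[1]) for px, py in pairs]
    return {"salt": salt, "offsets": offsets,
            "digest": _derive(image_bytes, cells, salt)}

def verify(record, image_bytes, clicks):
    """Accept only if every click, in order, is within TOL px of the enrolled one."""
    if len(clicks) != len(record["offsets"]):
        return False
    cells = [((x - dx) // CELL, (y - dy) // CELL)
             for (x, y), (dx, dy) in zip(clicks, record["offsets"])]
    candidate = _derive(image_bytes, cells, record["salt"])
    return hmac.compare_digest(candidate, record["digest"])

def grid_bits(width, height, n_clicks):
    """Upper bound: every 15x15 cell of the image equally likely per click."""
    return n_clicks * math.log2((width // CELL) * (height // CELL))

def hotspot_bits(n_hotspots, n_clicks):
    """Effective strength if users only choose among a few obvious points."""
    return n_clicks * math.log2(n_hotspots)
```

For an assumed 640x480 image, `grid_bits(640, 480, 5)` is about 52 bits as an upper bound, while `hotspot_bits(10, 5)` is about 16.6 bits, the 100,000 guesses merreborn estimates.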
- Flankk, on 10/12/2007, -0/+0
Why are people digging this?
It's not practical and hardly secure. Nevermind that the interface takes way longer to use than to type in a password. If I hadn't picked distinctive areas on the image, I would have forgotten my password, or been unable to enter it.
- gregnorc, on 10/12/2007, -0/+0
I actually saw this demonstrated at SOUPS (Symposium on Usable Privacy and Security) at CMU over the summer, and while it initially seems like a good idea it has several flaws.
First off, how big is the defined "click" area? If it's too large, then it's easy to crack the visual password. If it's too small, the user has a hard time remembering where they clicked, and rely on "common areas", areas that stand out almost universally, once again affecting the security of the visual password.
On another note, many keyloggers take periodic screenshots.
- fredvw, on 10/12/2007, -0/+0
Didn't we see this in "Harry Potter and the Sorcerer's Stone" when Hagrid let Harry into Diagon Alley?
- FishOnAH, on 10/12/2007, -0/+0
This is a horrible idea. I mean it is cool they can do this, but everyone would forget their 'passclick.' Not to mention how much more inefficient this is than a standard password.
/sigh
- SpeedyG, on 10/12/2007, -0/+0
I used the top of the spire, the clock face, the red thing up on the building on the left, the base of the lamppost near the bus, and the bus headlight.
- hiro, on 10/12/2007, -0/+0
Bad idea, continually clicking on the same parts of the screen will eventually wear away parts of the picture making it easy for someone to get your "password"
- JaggedEdge, on 10/12/2007, -0/+0
"keyloggers wouldn't stand a chance, fantastic piece of work +digg"
Currently working on a program that sends me what a user's resolution is and where on the screen they clicked.... :P jk
- inactive, on 10/12/2007, -0/+0
cool what about a web page that didn't say login here.
it would look just like a normal page with some text and pics on it.
only the people you tell about it would know what to click on to get to the hidden page!
simple easy to do, I'll have to try this.
- GreenAlien, on 10/12/2007, -0/+0
Tell you what, I'd rather do this (plus enter a password) than log into my Lloyds bank where you have to select several letters from a passphrase, one letter per drop-down box (painful!), in addition to the usual password.
I'd find it fascinating to see stats of who clicked on what, and whether anyone entered the same "password". A coloured overlay would be good too - eg dark red for an often clicked pixel.
Looking through the comments, I don't see anyone that has used all the same points. So maybe not as obvious to guess as it first appears. Could be, well, paradoxical, like the Birthday Paradox.
- Deuterium, on 10/12/2007, -0/+0
I'm visually impaired. Thanks a lot this is really going to help me out. NOT!!!
- Tobey, on 10/12/2007, -0/+0
I don't know, by the time I got to the login page I had already forgot what points I clicked on.
- jzillan, on 10/12/2007, -0/+0
digg it. this is just the type of thing i was looking for :)))
- bryant, on 10/12/2007, -0/+0
awesome. 1337 diggs...
- magiluke, on 10/12/2007, -0/+0
I think that it could probably be improved if the picture used was a grid with different colorings, or something similar to that. It would have to be something that didn't have anything too obvious to click on. Or, the picture would have to be SO complex that there were far too many obvious spots to click on. Either way, I'd rather just type in my password (or pass phrase, which I think is a good idea). It's just that much quicker, something that someone else mentioned that I didn't even think about. I actually hate using my mouse!
Still a fairly cool idea.
- slimmerz, on 10/12/2007, -0/+0
oh, I can't use my password safe anymore.
- challahc, on 10/12/2007, -0/+0
This would be cool to unlock your screensaver or something like that. Probably not for logging in to a website. Plus, wouldn't you still have to type the username.
- Vinnie87, on 10/12/2007, -0/+0
Great Idea..doubt it will make it.
- bryan8m, on 10/12/2007, -0/+0
This would defeat the average keylogger, but programs can record mouse clicks too. And people are going to forget the points they chose, unless images are higher resolution and include more distinguished objects.
- jzillan, on 10/12/2007, -0/+0
how about a sequence of individual pixels? i think i would totally remember a sequence of 5 image pixels better than 5 random spots on the page. *cough* the million dollar pixel
just a thought. what do you all think? if anyone thinks this would be a good idea...i'll work with you to create it :)
-j
- chubbymidget, on 10/12/2007, -0/+0
How handy is it to have a picture of any size/detail on a login page?
Remembering your points. Points in the picture that stand out this time, and seem obvious, may not the next. Or not in the same order.
Choosing a picture that doesn't have obvious points that a hacker could guess. Letter "P" twice, clock face, person walking in street, etc.
- CaptanAwal, on 10/12/2007, -0/+0
Anybody else notice this is a dupe
- kalisphoenix, on 10/12/2007, -0/+0
I thought this would be a great idea when I first heard about it. In practice, it blows. Props to the guy who made the page -- it's a good demonstration and proved to me that this idea is stupid. I can type my passwords on all of my computers (ranging from 11-15 letters, including capitals, special characters, and numbers) faster than it takes me to move my mouse to the first click point. Good luck to anyone watching over my shoulder. Keyloggers? Don't make me laugh -- if someone can put a keylogger on your system, you're already screwed anyway.
I picked both clocks, L and T of HOTEL, and the head of the dude crossing the street.
- Jarasmen, on 10/12/2007, -0/+0
Well cool, but I have trouble getting it to work. Rather a novelty than something that's really useful. I'll stick to my typed passwords until the computer learns to recognize me in some nicer way.
- Rage321, on 10/12/2007, -0/+0
Great idea indeed. If I had an option, however, I would choose the old way.
- isthisme2, on 10/12/2007, -0/+0
um... point and click passwords...
no thanks...
- fr0z3nph03n1x, on 10/12/2007, -0/+0
I tried this about 3 times and failed each time. Then I used opera and it worked first try. Lesson learned, IE 7 beta 2 does not support this script :).
- SpeedyG, on 10/12/2007, -0/+0
Interesting use of technology, but there's a reason why we've been using passwords for centuries now. It's because they usually work.