Friday, December 07, 2007

Sounds like a good idea

ACM TechNews reports:
Microsoft Research's Jeremy Elson and Jon Howell are re-examining a project that uses inkblots as visual aids to help computer users remember complicated and difficult to crack passwords. Using a public Web-based project at InkblotPassword.com, the researchers let users create a password using a series of random inkblots and a formula that selects letters. A series of inkblots are shown to the user, who associates a word with each inkblot. For each inkblot, the user enters the first and last letter of the word the user associates with that inkblot. A series of 10 inkblots creates a password 20 characters long of seemingly random letters that is easily remembered by the user but difficult to steal. After a period of time, users were even able to remember the password without having to refer back to the inkblot, according to research first conducted in 2004. Typically, passwords as complex and secure as the inkblot passwords need to be written down or users will create weaker passwords that are easier to remember. The researchers found that different users almost always describe the same inkblot in different ways, making the system is even more secure and difficult to guess, as users create mental images they associate with the inkblots. Eventually, the users develop "muscle memory" and can log in without referring to the inkblot images.
Seems like a neat idea. But when I went to the website to try it out, I almost immediately found that I didn't want to have to think up associations.

But they did have another neat idea. Instead of asking users to recognized distorted letters and numbers, they asked users to distinguish between pictures of cats and dogs.

No comments: