Posted on 02/20/2006 10:53:34 AM PST by 2Jim_Brown
Some hackers like to "shoulder surf," or steal unsuspecting PC users' passwords by looking over their shoulders at the Internet café. Others prefer to crack an account's password -- using sophisticated software programs. But new developments in network security are going to wipe out the shoulder surfers, and their cracker pals, experts tell United Press International's Networking.
Graphical passwords are emerging -- images, not words or phrases, which authenticate access to a computer or a network.
By Gene Koprowski
(Excerpt) Read more at upi.com ...
bump for publicity
Interesting, but I don't see how the "click points" are any more secure than the typed password. Am I missing something?
Interesting.
Because there are billions of pics and only 24 letters with 10 numbers.
There was a movie recently about a password that was 5 pics.
These pop up every year at Microsoft's TechFest. I've used them. I think they're lame, if you ask me. Or even if you don't. :)
Color me a skeptic. Graphical passwords take up a lot of screen real-estate. More importantly, because they inherently depend on a visual medium, they're *easier* to shoulder-surf than a typed password.
There are other mitigations to shoulder-surfing. One of the most successful ones I've seen so far is to measure the time between keystrokes when a person types their password. Everybody's hands are shaped differently and everybody types with different strokes, so the rate at which you type in a password is often even more unique than the password itself - and very, very difficult for another human being to replicate.
However, I think this is all a moot point. Very little hacking is done through shoulder-surfing. If you were to draw a pie chart of all computer break-ins grouped by hack technique, shoulder-surfing would barely account for 10%.
That'd stop a tank.
Good points...how many webmasters would implement this idea? Besides, it's pretty easy (I hear) to call up most companies and use simple social engineering.... "Hi - this is Joe in the IS department, we're having a problem with your account, could you verify your username/password for us?"
Simple to do, unfortunately.
It's all about user training (or lack thereof).
Just get a long password.
but I don't see how the "click points" are any more secure than the typed password.
Seems to me that this would be easier to get a password.
26 letters...
There are 52 letters (if the password field is case sensitive), 10 numbers, and a bunch of other characters one can typically use.
You pick out an easy to remember picture and it stores it as a cookie in your PC.
This sounds like it would hamper getting access on another computer. Like when traveling?
I see what you're saying though - B of A only has an 800 number to contact if you forgot or have an incorrect site key. One thing I do know is that once they adopted it they forced you to pick out a site key to log in. ;-(