Graffiti for Passwords

Ars Technica has an interesting article about a new spin on passwords. Researchers have been testing a password system in which the user draws shapes in a box. Where they start, their subsequent strokes, and where they end are all recorded as the password. It is based on the simple fact that humans can remember images much better than they can complex alphanumeric strings.

“One of the largest security challenges many organizations face comes from the most basic aspect of security: user passwords. Humans simply have a limited capacity to remember otherwise insignificant streams of letters and digits; as a result, they often choose passwords that are easier to remember. Those memorable passwords, however, can fail in the face of dictionary attacks or guesses based on information such as birth dates or the names of family members.”

It sounds like a neat, very promising security boost available for devices with precision input capabilities (computers with mice, mobile devices with touch screens, etc.), but the drawback is still the same as with any alphanumeric password: the user. Someone who doesn’t take the time to create a strong alphanumeric password probably won’t take the time to create a complex drawing. I think that adding this as an extra security layer on top of alphanumeric passwords is a good idea, but there are some hurdles to clear before it can completely replace your mother’s maiden name.
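To make the idea concrete, here is a sketch added to this post (it is not the researchers' code) of how a drawing's start, stroke order and end could be recorded and checked, and how a low-effort drawing could be rejected at enrollment. The 5x5 grid, the `PEN_UP` marker, the `too_simple` thresholds and the sample drawings are all assumptions made for illustration; the post does not describe the actual encoding.

```python
import hashlib, hmac, os

GRID = 5            # assumption: the box is split into GRID x GRID cells
PEN_UP = (-1, -1)   # marker recorded when the pen or finger lifts

def encode(strokes, size=100.0):
    """Turn strokes (lists of (x, y) points in a size x size box) into a cell sequence."""
    seq = []
    for stroke in strokes:
        prev = None
        for x, y in stroke:
            cell = (min(int(x / size * GRID), GRID - 1),
                    min(int(y / size * GRID), GRID - 1))
            if cell != prev:        # jitter inside one cell leaves the sequence unchanged
                seq.append(cell)
                prev = cell
        seq.append(PEN_UP)          # stroke boundaries are part of the secret
    return seq

def too_simple(seq, min_cells=6, min_strokes=2):
    """Hypothetical enrollment policy: reject drawings with few distinct cells or strokes."""
    cells = {c for c in seq if c != PEN_UP}
    return len(cells) < min_cells or seq.count(PEN_UP) < min_strokes

def verifier(strokes, salt):
    """Salted, slow hash of the encoded drawing; only this value is stored."""
    data = ";".join(f"{cx},{cy}" for cx, cy in encode(strokes)).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def matches(strokes, salt, stored):
    return hmac.compare_digest(verifier(strokes, salt), stored)

# Constructed sample drawings: an "L" followed by a short dash.
ENROLLED = [[(10, 10), (10, 30), (10, 50), (10, 70), (10, 90),
             (30, 90), (50, 90), (70, 90), (90, 90)],
            [(50, 30), (70, 30)]]
REDRAWN = [[(12, 8), (9, 33), (11, 52), (14, 69), (8, 88),
            (31, 93), (48, 91), (72, 87), (91, 89)],
           [(53, 28), (66, 35)]]                 # same shape, shaky hand
REORDERED = [ENROLLED[1], ENROLLED[0]]           # same ink, dash drawn first
SINGLE_TAP = [[(50, 50)]]                        # the low-effort drawing

if __name__ == "__main__":
    salt = os.urandom(16)
    stored = verifier(ENROLLED, salt)
    print("redrawn accepted:  ", matches(REDRAWN, salt, stored))
    print("reordered accepted:", matches(REORDERED, salt, stored))
    print("single tap too simple:", too_simple(encode(SINGLE_TAP)))
```

In this sketch a stroke that runs close to a cell border can land in a different cell on the next attempt and fail to match, so the tolerance to a shaky hand only holds away from the grid lines.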

The technical findings PDF can be found here.

