InkBlot Passwords
My blogging has been dry for a while (unlike the British weather). I am getting caught up, have been travelling loads, moving house and the dog ate my homework. I will be back to normal very soon and posting lots over the next few weeks.
This is an interesting MS Research project called Assira looking into InkBlotPasswords. com
Inkblot passwords solve most of these problems by helping users create a secure, personal password that is easy to remember. The user is presented with a sequence of random inkblots. Each should remind the user of a word — a butterfly or a pumpkin, for example. For each image, the user then types the first and last letters of the word that came to mind — such as by for butterfly or pn for pumpkin.
December 7, 2007 at 9:33 am
An interesting idea, but I am not convinced that it increases entropy enough to make a significant difference against todays efforts; particularly when you consider the efforts of rainbow tables and PS3’s being used today to crack passwords. Actually, this is a topic of interest to me and although I use very high entropy passwords; my concern is not that my passwords have enough entropy - it is that there exists today many other ways to compromise my accounts - password recovery; XSS, etc… in other words I fear that my high entropy passwords are irrelevant anyhow because the attack surface area has significantly increased (due to people not understanding security in the first place) just when I finally adapted to the solve the problems of the 1970’s central computing paradigm.