bit-tech.net

Old 5th Nov 2007, 13:02   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
Join Date: Apr 2007
Posts: 11,339
New format proposes images to replace passwords

http://www.bit-tech.net/news/2007/11...ce_passwords/1

A graffiti-like approach to passwords has been proposed to aid in system security by using unique images as passwords.

__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter

Old 5th Nov 2007, 13:09   #2
kosch
Trango in the Mango
Join Date: Feb 2005
Location: Cambridge, UK
Posts: 1,050
I can already imagine some hilarious Helpdesk calls involving users drawing certain body parts for passwords.

Old 5th Nov 2007, 14:03   #3
DarkLord7854
Pew pew lazerz
Join Date: Jun 2005
Location: Stockholm, Sweden
Posts: 4,643
Quote:
Originally Posted by kosch View Post
I can already imagine some hilarious Helpdesk calls involving users drawing certain body parts for passwords.
I was thinking just that when reading through the article "I wonder how many people would have porn-oriented password.."
__________________
Asus P9X79 Deluxe | i7 3930K | 2x Asus GTX760 | 3x OCZ Agility3 240GB SSD - 1x WB Black 1Tb | G.Skill Ripjaws Z 32GB DDR3-1866 | Creative XtremeGamer X-Fi | Thermaltake Level10GT

Old 5th Nov 2007, 14:18   #4
<A88>
Trust the Computer
Join Date: Jan 2004
Location: Guildford/Bournemouth
Posts: 5,441
Sounds viable, if not a bit crazy. Fortunately for me, my laptop remembers my passwords when I type them into a website for a first time and just lets me swipe the fingerprint reader to login on future occasions.

<A88>
__________________
unrelatedmatters.com
Twitter Facebook Last.fm Flickr
Core i7 930 | 6GB DDR3 Dominator | Asus Asus P6X58D-E | 2x1TB Samsung F3 [RAID0], 2TB F4 | Nvidia 9600GT | Fractal Design R2 | Samsung Blu-Ray

Old 5th Nov 2007, 14:50   #5
Hells_Bliss
Supermodder
Join Date: Apr 2007
Location: NC, USA
Posts: 548
ugh, as an it guy, i'd hate to have to explain to new users "you need to draw in a complex password using more than 7 colours, not including your picture and it must have oil, water, pastel, and/or ascii art included"

the other problem is, i can remember the image but i'm no renoir so don't expect me to draw even a similar picture twice which means it'd have to be something relatively simple and that would be hackable using the same brute force tactics as now, ie a picture of mickey mouse, etc.
__________________
Asus P5N32-SLi Extreme, Intel Conroe E6600 @ 2.4GHz, 4GB Corsair XMS2 @ 1060MHz, eVGA GeForce 8800 GTX @ 621MHz, 2 WD 250GB 7200RPM HDD's, Creative Soundblaster Fatal1ty pro

Old 5th Nov 2007, 14:55   #6
CardJoe
Freelance Journalist
bit-tech Staff
Join Date: Apr 2007
Posts: 11,339
Surely: If pictures are easier for the human brain to remember and generate then it's easier for a person to hack and guess? Especially if the picture just has to be CLOSE to similar, not identical?

Also, how complex do they have to be? In order to provide decent protection it would have to have a fair bit of detail in, right? I don't want to be hampered with drawing stuff for 2 or 3 minutes every time I log on...

Old 5th Nov 2007, 15:14   #7
DarkLord7854
Pew pew lazerz
Join Date: Jun 2005
Location: Stockholm, Sweden
Posts: 4,643
Wouldn't just switching to fingerprint readers be more viable? It's not like they're expensive nowadays..

Old 5th Nov 2007, 15:22   #8
Hells_Bliss
Supermodder
Join Date: Apr 2007
Location: NC, USA
Posts: 548
Biometrics has its good points and bad points like everything else.

Good: Extremely hard to hack, easy to use (not like you're going to forget your finger or eye)
Bad: it's a stone cold bitch to change the enrollment when your password changes, administrator/group accounts that are accessed by more than one person would not be able to use biometrics, or then only a max of 10 people (1 for each finger) plus if you have a local admin account on each domain computer for IT guys, you'd have to enroll your finger print on every computer, that'd suck.

The current multiple authentication mash up is really where everybody needs to go. Smartcard, strong password, biometrics, RFID, etc.

drawings would really only be used as a complement to the other authentication methods, and like CardJoe said, i'd hate to have to draw in my stupid mickey mouse picture for 2-3 minutes just to be able to start work, that'd be a bad thing Monday morning pre-coffee.

Old 5th Nov 2007, 15:46   #9
Dr. Strangelove
Supermodder
Join Date: Mar 2005
Location: A dark & cold place, my computer room
Posts: 343
Quote:
Originally Posted by Hells_Bliss View Post
Biometrics has its good points and bad points like everything else.

Good: Extremely hard to hack, easy to use (not like you're going to forget your finger or eye)
Bad: it's a stone cold bitch to change the enrollment when your password changes, administrator/group accounts that are accessed by more than one person would not be able to use biometrics, or then only a max of 10 people (1 for each finger) plus if you have a local admin account on each domain computer for IT guys, you'd have to enroll your finger print on every computer, that'd suck.

The current multiple authentication mash up is really where everybody needs to go. Smartcard, strong password, biometrics, RFID, etc.

drawings would really only be used as a complement to the other authentication methods, and like CardJoe said, i'd hate to have to draw in my stupid mickey mouse picture for 2-3 minutes just to be able to start work, that'd be a bad thing Monday morning pre-coffee.
I must admit I fail to see why you think biometric would be so difficult to roll out...

first of all would the whole point of using biometric identification (like fingerprints) not make changing "passwords" unnecessary and if you did.. what are you going to do after they have used all their 10 fingers..(ask them to use toes?).
Since biometric identification is so difficult to hack I see no reason why you could not have several "passwords/fingerprints" for one account (that's if you want to limit the number of admin accounts) or all IT admins could have their own account. I guess depending on your network the number of people needing access to a local account will vary, but even then i think the security advantage is worth the slight hassle of getting local accounts set up for admins where needed. Also there is no reason why the biometric data cannot be copied (although it might prove a security problem) so that people can have local accounts set up without the actual user being present.
__________________
If it isn't broken, fix it.
If it is broken, mod it till it looks like it's meant to be broken.

Old 5th Nov 2007, 16:17   #10
Cupboard
I'm not a modder.
Join Date: Jan 2007
Location: Bury St Edmunds/Durham Uni
Posts: 2,148
Quote:
Originally Posted by Dr. Strangelove View Post
first of all would the whole point of using biometric identification (like fingerprints) not make changing "passwords" unnecessary and if you did.. what are you going to do after they have used all their 10 fingers..(ask them to use toes?).
and when you run out of toes, it's time to get a new job!
__________________
i7 920, 5870, 6GB Corsair all in an Intel DX58SO; 60GB Vertex, 1.5TB F2; Fractal Design R2
ThinkPad Edge 13.

Old 5th Nov 2007, 16:25   #11
Hells_Bliss
Supermodder
Join Date: Apr 2007
Location: NC, USA
Posts: 548
Quote:
Originally Posted by Dr. Strangelove View Post
I must admit I fail to see why you think biometric would be so difficult to roll out...

first of all would the whole point of using biometric identification (like fingerprints) not make changing "passwords" unnecessary and if you did.. what are you going to do after they have used all their 10 fingers..(ask them to use toes?).
Since biometric identification is so difficult to hack I see no reason why you could not have several "passwords/fingerprints" for one account (that's if you want to limit the number of admin accounts) or all IT admins could have their own account. I guess depending on your network the number of people needing access to a local account will vary, but even then i think the security advantage is worth the slight hassle of getting local accounts set up for admins where needed. Also there is no reason why the biometric data cannot be copied (although it might prove a security problem) so that people can have local accounts set up without the actual user being present.
Well, the only experience i've had is with the IBM thinkvantage software, other software might be better but when you enroll a finger print on the ibm it enrolls it on one finger. you can use only your 10 fingers with that software. Also, if you're in a domain environment or are security conscious at all, you will/should change your password every 90 days. You can unenroll a finger, but like I said with the IBM software it's a stone cold bitch to do.

As to the local accounts, say i'm the it admin that set everything up; my finger print is enrolled on all the systems. I die in a car crash/get fired for watching porn. My replacement will not be able to log in with the biometrics, only with the password. he will then need to go to every system and enroll his finger print. This IT guy is in charge of 600 computers, 200 of which are laptops with remote sales guys. It'd be near impossible for him to unenroll me and reenroll his prints

I'm not sure if you can copy the biometric data, i'm not sure where the hashed file would be or what else it contains, say it holds the fingerprints for all enrolled users on that computer, you copy that file onto somebody else's computer that already has enrollments and you're either not going to log on or they're not going to be able to...or the software corrupts and you're both screwed

Like I said, it has its good points and bad points. It's ideal for a sales guy that's the only one using the computer, but it's hard to administer from a domain or enterprise level.

Old 5th Nov 2007, 16:26   #12
zoom314
Multimodder
Join Date: Jun 2003
Location: Yermo, CA, USA
Posts: 199
One word for this idea: DUMB

Old 5th Nov 2007, 16:31   #13
Tomm
I also ride trials :¨)
Join Date: Apr 2004
Location: Fallowfield, Manchester
Posts: 2,249
I have to say I'm a bit confused. I used to use a scribble to identify myself when I bought things in shops. But apparently that wasn't safe enough so I then had to use a 4-number PIN. And now we're going back to scribbles?

Oh lordy.
__________________
Carrot cake cheesecake
Shuttle SN85G4V2 | A64 3200+ / Apple PowerBook 12

Old 5th Nov 2007, 16:49   #14
airchie
Mod Master
Join Date: Mar 2005
Location: London
Posts: 2,136
I think some people are confused about the exact way some of this works.

AFAIK, biometric fingerprint readers store a hash of your fingerprint data in the reader itself and when software asks for authentication, you swipe the finger and the reader passes the password to the application.
The software will still accept a password I think and as such, biometric fingerprint readers are only as strong as the password you use.
It just means instead of having to remember a 20char password, you can swipe your finger.

I'm not sure if you get corporate versions of this, where you can tie personal info/biometrics to a domain user account and allow that account to access the domain on any machine with a compatible reader.
If not, then it pretty much reduces biometrics to a useful way to remember your passwords, in much the same way as your browser might remember your passwords for you.

This picture idea however sounds interesting.
I can't see a way for hackers to brute-force this method other than have a robotic arm drawing millions of random images.
Assuming the algorithms behind the method are robust and not susceptible to cryptanalysis (like WEP for example).
And they have refined the method slightly from giving you a blank canvas.
They provide a sample image which might be a 3x3 grid of boxes for example.
All you need to do is draw a circle in box one, a cross in box 4 and a squiggle in box 8 and I'd assume you'd have a pretty strong password.
I don't think you'd need to re-create the mona-lisa just to log into the bit forums...

And if you consider that having the pre-provided image effectively allows you to create passwords (or should that be passpictures? ) much more accurately and with, on average, 10 extra bits, you can start to see the appeal.
10 bit is in effect an 18 char password instead of an 8 char one.
So several orders of magnitude more secure.

I think it'll be interesting to see where this goes.

Quote:
Originally Posted by Cardjoe
Surely: If pictures are easier for the human brain to remember and generate then it's easier for a person to hack and guess? Especially if the picture just has to be CLOSE to similar, not identical?
Not at all. If you give us both a blank piece of paper and ask us to draw the first things that come to our heads, we'll almost certainly draw something completely different.
Now ask us to try and guess what the other drew and re-create it without seeing it and I think we'd be there til the end of time.
Only problem I can see is if someone saw you drawing your secret, but it's no worse than someone watching you enter your password/pin etc now.
Quote:
Originally Posted by Cardjoe
Also, how complex do they have to be? In order to provide decent protection it would have to have a fair bit of detail in, right? I don't want to be hampered with drawing stuff for 2 or 3 minutes every time I log on...
I don't think you'd need to.
If you think of my example above with the 3x3 grid, you might only need to draw something in three of the boxes to have a strong password/picture thing.

Quote:
Originally Posted by tomm
I have to say I'm a bit confused. I used to use a scribble to identify myself when I bought things in shops. But apparently that wasn't safe enough so I then had to use a 4-number PIN. And now we're going back to scribbles?
Oh lordy.
I can see your point but if you think of it, your signature is easy to copy if someone is able to study it.
Also, that method relied on a human comparison of what you wrote to what's on the card.
This will rely on a computer analysis, so even though the pictures will allow some tolerance for differences, it'll still be much more accurate.
Pin numbers for security is a joke IMO and I think signatures were probably more secure...
__________________
Laptop:C2D P8600 2.4GHz, 4GB, 9800GTS, 120GB SSD, 15" 1680x1050, Vista64
Projects: 1.2TB Fileserver housed in a cardboard box!|Retro HTPC for my GF.

Quote:
Originally Posted by astralwandrer
Being a legitimate customer of the games industry is increasingly like being in a relationship with an abusive spouse.

Last edited by airchie; 5th Nov 2007 at 17:00. Reason: adding quotes

Old 5th Nov 2007, 16:57   #15
Dr. Strangelove
Supermodder
Join Date: Mar 2005
Location: A dark & cold place, my computer room
Posts: 343
Quote:
Originally Posted by Tomm View Post
I have to say I'm a bit confused. I used to use a scribble to identify myself when I bought things in shops. But apparently that wasn't safe enough so I then had to use a 4-number PIN. And now we're going back to scribbles?

Oh lordy.
^^ LOL
Quote:
Also, if you're in a domain environment or are security conscious at all, you will/should change your password every 90 days.
Well if the biometric login does not negate the need to change "passwords" then there is really not much point at all (unless you get fired after having changed your password twice, if you use eyes, 10 times if you use fingers (20 times if you include the toes but that might get smelly)). The only way I can see you changing "passwords" with biometric identification is if the reader actually only uses say 1/1000 of the datapoints it reads and randomly chooses them, which means statistically you can make quite a lot of "passwords" with the same finger.

Quote:
I die in a car crash/get fired for watching porn.
I assume that if you got fired you would be asked to supply your fingerprint so that another admin could take over, if you die, they just cut off your finger
as for a network with as many computers as you describe I would certainly hope that there was more than one admin.. or he would be one hell of a busy man. At least for windows networks remote/laptop users still use their network account to log in.

Finally I have no idea of whether there is software available that can do what I suggest at the moment, my point is that I don't see why biometric data could not be rolled out as the login method of enterprise sized networks.

Old 5th Nov 2007, 18:03   #16
Hells_Bliss
Supermodder
Join Date: Apr 2007
Location: NC, USA
Posts: 548
Quote:
Originally Posted by Dr. Strangelove View Post
^^ LOL
Finally I have no idea of whether there is software available that can do what I suggest at the moment, my point is that I don't see why biometric data could not be rolled out as the login method of enterprise sized networks.
Well, it can and has been. You'd need a corporate application installed to do this though, the IBM software wouldn't suffice. Also, you'd use it as a multiform authentication ie: you swipe your finger print, put in your smartcard, and enter your password. You can do this, you just need to enable EAP/TLS authentication on the domain.

As a side note, I was watching MythBusters the other week and they were able to fool a fingerprint reader quite easily, they just got a dot-matrix printer to print out a fingerprint and then read it through the reader, kinda like the movies

Old 5th Nov 2007, 18:04   #17
EmJay
Supermodder
Join Date: Jun 2007
Posts: 316
I'd be worried about what happens when the computer crashes and the repair guy can't reproduce the scribble-as-password. One work-around would be to have the owner set up an unpassworded admin account before taking it in, but if it's really messed up he/she may not be able to do that. The other option would be to have the owner come in and physically enter the password at the appropriate point in the repair process - can you say pain in the neck?

It's still an interesting idea, though. Maybe it'd be good for web-based logins. Although if you give people a background image to draw on, I'll bet that 90% will just trace some of the major visible lines, which would be incredibly easy to hack.
__________________
Current status: Modding on

Old 5th Nov 2007, 18:19   #18
War-Rasta
Supermodder
Join Date: May 2002
Location: Santo Domingo, Dom. Rep.
Posts: 398
Quote:
Originally Posted by airchie View Post
I think some people are confused about the exact way some of this works.

...biometric fingerprint readers store a hash of your fingerprint data in the reader itself and when software asks for authentication, you swipe the finger and the reader passes the password to the application.
The software will still accept a password I think and as such, biometric fingerprint readers are only as strong as the password you use.
It just means instead of having to remember a 20char password, you can swipe your finger...
Not in all cases. Fingerprint scanners on laptops do that since regular web applications are not intended to accept anything but a password. The scanners used to open doors and such don't actually use a password. They do a direct comparison of what the scanner is reading when you put your finger on it and comparing it to what it had stored previously. The same method could be implemented on computer software to avoid the use of passwords.

When it comes to setting up local accounts for admin staff, most companies have an image of how every type of computer they use should be like so they don't have to actually install everything from scratch in case an HDD or similar breaks down. Those images have the admin account already set up with a custom password that was created at the time of creating the image. I guess it would work with biometrics as well. The only problem would be when implementing it for the first time when you would surely have to go to every computer to set it up, but would be a one time thing, unless there was some way to set up the local accounts through the network as a one time thing or something.
__________________
Proud member of WarNet Inc.
WarNet Rulez!!

Old 5th Nov 2007, 18:39   #19
airchie
Mod Master
Join Date: Mar 2005
Location: London
Posts: 2,136
Quote:
Originally Posted by EmJay
I'd be worried about what happens when the computer crashes and the repair guy can't reproduce the scribble-as-password. One work-around would be to have the owner set up an unpassworded admin account before taking it in, but if it's really messed up he/she may not be able to do that. The other option would be to have the owner come in and physically enter the password at the appropriate point in the repair process - can you say pain in the neck?
Really depends how bad the PC is messed up.
Entering passwords and drawing passpics both require the OS/software/app to be functioning in some way.
If it's functioning enough to accept passwords, it's likely to be functioning enough to allow the removal of the password for maintenance.
If the PC is badly b0rked, it likely won't accept either form of authentication and will need a reinstall etc.
But there are a lot of grey areas for scenarios like this... :/

Quote:
Originally Posted by EmJay
It's still an interesting idea, though. Maybe it'd be good for web-based logins. Although if you give people a background image to draw on, I'll bet that 90% will just trace some of the major visible lines, which would be incredibly easy to hack.
Not really.
Even if you just traced the lines provided, the order they were traced in could also be taken into account.
Plus, if that was the person's attitude to security they'd deserve to get hacked.
They'd probably have set their password as 'god' or 'sex' anyway...

Quote:
Originally Posted by war-rasta
Not in all cases. Fingerprint scanners on laptops do that since regular web applications are not intended to accept anything but a password. The scanners used to open doors and such don't actually use a password. They do a direct comparison of what the scanner is reading when you put your finger on it and comparing it to what it had stored previously. The same method could be implemented on computer software to avoid the use of passwords.
Like I said, I'm not even sure how others on the market operate, just using my laptop's one as an example.
airchie is offline   Reply With Quote
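
The 3x3 grid from post #14 and the tracing and stroke-order exchange above, worked through as an added example; it is not from the thread or from the proposed scheme. It assumes a hypothetical 300x300 canvas, an upstream recogniser that labels each stroke with one of four made-up symbols, and hypothetical function names, and shows how snapping to boxes gives tolerance, how the secret can be stored as a salted slow hash, and how the guess space shrinks when order is ignored or when users only trace suggested features.

```python
import hashlib
import hmac
import math
import os

# Assumptions (not from the thread): a 300x300 canvas split into the 3x3 grid
# from the post, and an upstream recogniser that labels each stroke with one
# of four symbols. All names here are hypothetical.
CANVAS = 300
GRID = 3
SYMBOLS = ("circle", "cross", "squiggle", "line")


def box_of(x, y):
    """Snap a pixel position to a box number 1..9 (row-major).
    This snapping is where the 'close, not identical' tolerance comes from."""
    if not (0 <= x < CANVAS and 0 <= y < CANVAS):
        raise ValueError("point outside canvas")
    cell = CANVAS // GRID
    return (y // cell) * GRID + (x // cell) + 1


def canonical(strokes, ordered=True):
    """Turn [(x, y, symbol), ...] into the byte string that gets hashed."""
    marks = []
    for x, y, symbol in strokes:
        if symbol not in SYMBOLS:
            raise ValueError(f"unknown symbol {symbol!r}")
        marks.append((box_of(x, y), symbol))
    if not ordered:
        marks.sort()  # stroke order is discarded
    return "|".join(f"{b}:{s}" for b, s in marks).encode()


def enroll(strokes, ordered=True, iterations=200_000):
    """Store salt + slow hash only; the drawing itself is never kept."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonical(strokes, ordered), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "ordered": ordered, "digest": digest}


def verify(strokes, record):
    """Re-quantise the attempt and compare hashes in constant time."""
    try:
        data = canonical(strokes, record["ordered"])
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", data, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def keyspace(marks, choices=GRID * GRID, symbols=len(SYMBOLS), ordered=True):
    """Distinct secrets when `marks` strokes go into distinct boxes."""
    if ordered:
        placements = math.perm(choices, marks)
    else:
        placements = math.comb(choices, marks)
    return placements * symbols ** marks


def traced_keyspace(suggested, marks, ordered=True):
    """Secrets left if the user only traces `marks` of `suggested` obvious
    features of a background image (box and symbol both dictated by it)."""
    return keyspace(marks, choices=suggested, symbols=1, ordered=ordered)


def bits(space):
    return math.log2(space)


def online_guess_success(space, attempts):
    """Chance of a hit within a lockout budget of `attempts` guesses,
    assuming secrets are chosen uniformly at random."""
    return min(1.0, attempts / space)


if __name__ == "__main__":
    # Constructed sample: circle in box 1, cross in box 4, squiggle in box 8.
    secret = [(40, 60, "circle"), (30, 150, "cross"), (150, 250, "squiggle")]
    record = enroll(secret)
    wobbly = [(70, 20, "circle"), (90, 199, "cross"), (101, 201, "squiggle")]
    print("same boxes, shaky hand accepted:", verify(wobbly, record))
    print("ordered, free choice:   %.1f bits" % bits(keyspace(3)))
    print("unordered, free choice: %.1f bits" % bits(keyspace(3, ordered=False)))
    print("tracing 3 of 5 features: %.1f bits" % bits(traced_keyspace(5, 3)))
    print("10 guesses before lockout: %.5f" % online_guess_success(keyspace(3), 10))
```

Under these assumptions the numbers depend entirely on the symbol set and grid size chosen; a larger grid or per-stroke cell sequences change them.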
Old 5th Nov 2007, 18:50   #20
Glider
/dev/null
 
Join Date: Aug 2005
Location: Belgium
Posts: 4,173
If this becomes standard, I for one can never log in after a weekend of partying
__________________
There Are 10 Types Of People, Those Who Know Binary and Those Who Don't
All times are GMT +1.