h a l f b a k e r yI CAN HAZ CROISSANTZ?
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
So lets say you have a slate style touch screen device/tablet computer, with a conventional operating system. It has no keyboard. When you turn it on and the operating system boots to the login screen, how do you enter the password? Either you have to plug in a keyboard, or hope that the device
manufacturer included a special program that lets you type it in using an on-screen keyboard, then carefully poke at tiny letters to login.
Just now as I was trying to do this I though to myself "you know what would be easier? entering the password by touching areas of the screen in a certain pattern". For instance, instead of "ilovelolcats", your windows password would be "top right, bottom left, top right". Touching these areas of the screen in sequence is required to login. It would be much faster and easier. In fact, it would be so fast and easy that I will be surprised if I don't see 5 links to baked versions in a few minutes.
http://rutgersschol...brbirg/sobrbirg.htm
Graphical password schemes [jutta, Oct 10 2010]
Bruce Schneier on Biometrics
http://www.schneier.com/essay-019.html
Biometrics aren't secret. [jutta, Oct 11 2010]
Fourth Factor Authentication: Somebody You Know
http://www.rsa.com/...bs/node.asp?id=3156
[Wrongfellow, Oct 12 2010]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
| |
You guessed it --
[marked-for-deletion] Widely known to exist. |
|
| |
For example, passcodes in Android (a fairly widely used smart phone operating system). The general term for such things is apparently "graphical password schemes" (although not all of them are particularly suited to touchscreens). |
|
| |
Not only what [Ian Tindale] said, but also I've read a blog post from an IT security pro, who claimed to have cracked one of these by watching the owner's fingers fidget while he boasted about his new, "secure" toy. |
|
| |
No, give me fingerprint readers. It works on my
laptop, it will work on a tablet and it adds no buttons
so even Jobs should like it. |
|
| |
Also it doesn't leave smudges on the screen. |
|
| |
I will also accept facial recognition through the
camera. |
|
| |
I've not seen a fingerprint implementation that I liked - false positives and false negatives seem to be pretty rife. |
|
| |
The analog (of identification in general, not just fingerprints) in the physical world seems to be a key - or in some cases, a RFID card, or remote 'bleeper' - in other words, a dongle of some kind. |
|
| |
So we can either continue to use physical dongles (e.g. special key-cards, or usb-sticks - or biometrically register our own body-parts e.g. fingerprints, retina scans etc) or, more frequently, we use a sort of abstract 'dongle' a piece of information that supposedly, only we know - i.e. a password, a gesture, or perhaps a little dance (though these last two seem to merge the two domains of the physical and abstract together) |
|
| |
So dongles can be abstract or physical, and need to be registered in order to work properly. Is there any non registered-dongle related method for identification? Or are we stuck with these two options? |
|
| |
The ring idea is good, because the antenna naturally conforms to the shape. |
|
| |
[zen_tom]: It sounds like you're talking about the traditional three factors of authentication: "something you have", "something you know" or "something you are". |
|
| |
A bit of Googling found a paper that discusses a possible fourth: "somebody you know". I'm not sure this is really much different to "something you know", but then I haven't read the paper. <link> |
|
| |
Facebook have an interesting security feature. If you attempt to log on to your account from a new location (e.g. you're on holiday in another country), it will ask you to match names to faces from your Facebook 'friends'. I assume there's some sort of lockout if you keep getting these matches wrong, and I'm not sure what would happen if you only had a very small number of friends.
Also related to this idea, there used to be a company which tried to get around the non-secret nature of biometrics and the stealability of PINs by creating a sort of 'biometric PIN'. In this scheme you would present three different fingers in a predefined sequence to a fingerprint reader - the fingerprints would show it was you (caveat: PVA glue, etc.) and the sequence would demonstrate that you knew the 'secret' - again, not easy to see how much more secure this makes things. |
|
| |