Enter the maze

The picture that’s worth a thousand passwords

Jeff Yan holding a PDA with a doodle on the screen

Well-meaning parents sometimes say that words can never hurt you. Any kid knows they can, but even passwords sometimes get us into trouble. Passwords get stolen or cracked, and unfortunately the ones that are easier to remember are also less secure. To try and get around all these problems with words, a team from the University of Newcastle is getting rid of them altogether. Instead of using text in passwords, they’re using doodles.

Jeff Yan, the leader of the group, explains that people find it a lot easier to remember pictures than words. As another famous saying goes, a picture is worth a thousand words. Their system gives people a way to put that memory power for pictures to good use, as an alternative to using text. “You draw a freeform picture – a doodle – then use the doodle as your password. That’s the main idea,” Jeff says.

A closeup of the screen with a doodle on it

Get drawing

Here’s the setup: on a screen you’re presented with a grid of 25 squares, five across and five down. That’s where you’ll draw your doodle. Behind the grid, in the background, is a picture. It could be anything – a flower, an elephant, a picture of you and your friends. When the computer asks you to set your password, you grab a mouse or a stylus and make your drawing directly over the grid and background. Later on, when you come to sign back in to the system, you draw the picture again. If it’s the same as the one you did earlier, you’re in.

You might have spotted a problem here. A picture might be easy to remember, but drawing exactly the same thing would be pretty difficult to do twice, let alone every day. Jeff is reassuring though, and says “you don’t need to replicate the doodle exactly”. In fact, the computer’s not really looking at the picture at all – at least, not like a human would. That’s what the grid is for. What the computer actually does when you draw your doodle is keep track of what square each line starts in, where it finishes, and what grid lines it crosses along the way. As long as those are the same in your drawing, you’ve drawn your password right.
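Here is what that grid bookkeeping looks like in code, as an added example (constructed Python, not the Newcastle team’s own software). The canvas size, the one-pixel sampling along each line and the hashing of the result are this example’s assumptions; the 5×5 grid and the idea of recording only the squares a line passes through come from the article.

```python
from hashlib import sha256

GRID = 5            # 5 squares across and 5 down, as in the article
SIZE = 500          # assumed canvas size in pixels, so each square is 100 px
PEN_UP = (-1, -1)   # marker separating one stroke from the next

def cell_of(x, y):
    """Map a canvas point to the (column, row) of the square it lies in."""
    col = min(max(int(x) * GRID // SIZE, 0), GRID - 1)
    row = min(max(int(y) * GRID // SIZE, 0), GRID - 1)
    return (col, row)

def walk(p, q):
    """Yield points about one pixel apart along the straight line from p to q,
    so a grid line lying between two sampled points is never skipped."""
    (x0, y0), (x1, y1) = p, q
    steps = max(abs(x1 - x0), abs(y1 - y0), 1)
    for i in range(steps + 1):
        yield x0 + (x1 - x0) * i / steps, y0 + (y1 - y0) * i / steps

def encode_stroke(points):
    """The squares a stroke passes through, from the one it starts in to the
    one it ends in, adding a square each time the line crosses a grid line.
    A line drawn exactly along a grid line or through a corner is ambiguous
    here, so in practice strokes are kept inside the squares."""
    cells = []
    for p, q in zip(points, points[1:] or points):
        for x, y in walk(p, q):
            c = cell_of(x, y)
            if not cells or cells[-1] != c:   # only record square changes
                cells.append(c)
    return cells

def encode_doodle(strokes):
    """Join the strokes of one doodle into a single sequence with pen-up markers,
    so the same lines drawn as one stroke or two do not encode the same."""
    seq = []
    for stroke in strokes:
        seq.extend(encode_stroke(stroke))
        seq.append(PEN_UP)
    return tuple(seq)

def secret_hash(strokes):
    """What a system could store instead of the picture: a hash of the cell
    sequence (storing a hash rather than the sequence is an assumption here)."""
    return sha256(repr(encode_doodle(strokes)).encode()).hexdigest()

def matches(enrolled, attempt):
    """True when a fresh drawing passes through the same squares as the enrolled one."""
    return secret_hash(enrolled) == secret_hash(attempt)
```

Two slanted lines that stay inside the same row of squares encode identically even though they look different; a line that dips into the next row does not.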

Super security

You might still not be convinced you could make a doodle that’s simple enough to remember, but still strong enough not to guess. That’s where that background picture comes in. Not only does it help remind you of your password, it makes it more difficult to crack. Let’s say your background picture is one of you and your mates at a party. Personal pictures are a good choice, Jeff says, because your password’s more secure if the background “makes sense to you only”. If your password is to draw lines that connect all of your friends’ heads and feet together, you’ll always be able to redraw it when you’ve got the right picture behind it. But to someone trying to crack your password without the picture, it’ll just look like a bunch of random lines.

Jeff and his team are looking for ways to make the system even better. For example, they’re looking at ways to confuse people who try to look over your shoulder to steal your password. But already the doodle system can be thousands of times better than the strongest 8-character text password. Pictures can be a lot more powerful than words, and now they’re more secure too.

Images copyright © Newcastle University