| Thread ID: 122473 | 2011-12-22 12:24:00 | Windows 8 to feature image sign-on system | fred_fish (15241) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1250322 | 2011-12-22 12:24:00 | www.bbc.co.uk "The permutations of taps, touches and circles that could be drawn on a picture was likely to be far higher than those available from text-based passwords, said Prof Alan Woodward from the department of computing at the University of Surrey." In theory, maybe, in practice, I doubt it. And much easier to shoulder surf. | fred_fish (15241) | ||
| 1250323 | 2011-12-22 14:37:00 | It's not more secure as far as combinations go but more secure on a user level, e.g. we take this passphrase here: Ch0col@t3 several hundred thousand combinations but hard to remember, therefore the user opts for a simpler phrase such as chocolate. A visual and kinetic passphrase such as Google's pattern and M$'s new face ID thing can be more complex yet easy to remember. I didn't describe this well, someone on neowin did an excellent explanation, I'll try to find EDIT: Part of explanations You can swipe up, down left and right.. BUT do you actually know how long or the type of swipe, is it slow, is it fast.. is it light pressure is it hard pressure.. does the gesture have any pauses.. that adds INFINITE possibilities.. besides.. as I said.. it's NEW as it matures they WILL find better ways to make it work, it's not about security (most people don't even lock the phone) it's about convenience and giving users what THEY want to use THEIR phone! That is because we are focused on making "Hard to remember, easy for computers to guess" passwords. Encourage your users to come up with a non-sequitur phrase, they likely will have an easier time remembering it, and it will likely also have greater entropy than many of these hard to remember combinations. To steal from XKCD We'll take a word (Troubador) and mutate it: Tr0ub4dor&3 This has ~28 bits of entropy, and would take at most 3 days to guess at 1000 guesses/sec, and is going to be hard for most to remember Now, let's get the non-sequitur "correct horse battery staple" Even though we have fewer types of characters, we have a higher entropy, in fact our entropy is now ~44 bits, which would take at most 550 YEARS to guess at 1000 guesses/sec, so it's harder for a computer to brute force. Now what about memorization? Odd phrases seem to have a way of clinging to your mind, and I think you'll find this is much easier to remember Required XKCD reading: xkcd.com xkcd.com /Explanation So, easy to remember with lots of data to crack... the thing is no matter how slim the chances of cracking a password are... probability states that it could happen the first time :p | The Error Guy (14052) | ||
| 1250324 | 2011-12-22 19:52:00 | It's not more secure as far as combinations go but more secure on a user level, e.g. we take this passphrase here: Ch0col@t3 several hundred thousand combinations but hard to remember, therefore the user opts for a simpler phrase such as chocolate. A visual and kinetic passphrase such as Google's pattern and M$'s new face ID thing can be more complex yet easy to remember. I didn't describe this well, someone on neowin did an excellent explanation, I'll try to find EDIT: Part of explanations You can swipe up, down left and right.. BUT do you actually know how long or the type of swipe, is it slow, is it fast.. is it light pressure is it hard pressure.. does the gesture have any pauses.. that adds INFINITE possibilities.. besides.. as I said.. it's NEW as it matures they WILL find better ways to make it work, it's not about security (most people don't even lock the phone) it's about convenience and giving users what THEY want to use THEIR phone! Yes, that's the theory. In practice though, there will need to be a fairly large fudge factor to account for differences in each entry, no two attempts will be pixel perfect, and remember the goal is ease of use not security. Also, when presented with faces, as per the example, I'm guessing there will be a surprisingly small range of actions chosen by a given sample of users, the nose to nose swipe, poking the eyes or drawing a smiley face over the top. That is because we are focused on making "Hard to remember, easy for computers to guess" passwords. Encourage your users to come up with a non-sequitur phrase, they likely will have an easier time remembering it, and it will likely also have greater entropy than many of these hard to remember combinations. To steal from XKCD We'll take a word (Troubador) and mutate it: Tr0ub4dor&3 This has ~28 bits of entropy, and would take at most 3 days to guess at 1000 guesses/sec, and is going to be hard for most to remember Now, let's get the non-sequitur "correct horse battery staple" Even though we have fewer types of characters, we have a higher entropy, in fact our entropy is now ~44 bits, which would take at most 550 YEARS to guess at 1000 guesses/sec, so it's harder for a computer to brute force. Now what about memorization? Odd phrases seem to have a way of clinging to your mind, and I think you'll find this is much easier to remember This assumes the cracking algorithms are using the brute force 'per character' method. A simple attempt with an algorithm using whole dictionary words renders this approach almost trivial to crack. In fact there are tools that run through this type of crack as a 'quick' first step, before moving on to the 'standard' brute force method (probably due to the xkcd publicity and the debates it generated :)) | fred_fish (15241) | ||
| 1250325 | 2011-12-22 22:18:00 | Only real way to protect it will be DNA testing ... you'll have to provide a blood sample to get into Windows 9 ... :D | SP8's (9836) | ||
| 1250326 | 2011-12-22 22:41:00 | Meh, we've had that sorta unlock thing in Android for a while now, though usually it's used to launch an app, such as drawing a "C" will launch the Camera immediately for example... | Chilling_Silence (9) | ||
| 1250327 | 2011-12-23 09:34:00 | The English language has 250,000 distinct words (Oxford dictionary), 250,000^4 is 3,906,250,000,000,000,000,000 permutations. That will take some serious computer power to crack. | Fifthdawn (9467) | ||
| 1250328 | 2011-12-23 10:48:00 | Yup, I know there are holes in the theory but it does explain a bit of the working idea behind things. Basically the Windows pattern is easy to remember but theoretically more secure because (I believe) it uses pressure as well as speed of line drawing to authenticate as well as having lots of combinations | The Error Guy (14052) | ||
| 1250329 | 2011-12-23 18:20:00 | All this from the company that promises us snappy voice recognition with each new OS - maybe they've given up on the spoken word due to the abbreviated vocabulary used when people speak to computers. Even should Windoze miraculously recognise the instructions, it is mechanically impossible to follow the commands. Unfortunately, when people gesture at Windoze computers, the range of gestures is pretty limited too. | R2x1 (4628) | ||
| 1250330 | 2011-12-23 19:38:00 | All this from the company that promises us snappy voice recognition with each new OS - maybe they've given up on the spoken word due to the abbreviated vocabulary used when people speak to computers. Even should Windoze miraculously recognise the instructions, it is mechanically impossible to follow the commands. Unfortunately, when people gesture at Windoze computers, the range of gestures is pretty limited too. Why so sceptical, what has Bill done to you? Shown you what using your brain can do perhaps. I see that can hurt. | Cicero (40) | ||
| 1250331 | 2011-12-23 20:59:00 | Possibly a case not so much of what Bill has done to me but more a case of Bill regularly promising a great deal and failing to deliver. MS Fax, any of the voice commands / recognition slushware, etc. (He has delivered a lot more updates, hot fixes and other bug-injecting downloadable mischief than I expected though :D) | R2x1 (4628) | ||
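
The guess-space arithmetic the thread argues over (posts 1250323, 1250324 and 1250327), as an added example that is not part of any post: it computes each figure under an explicit attacker model so the numbers can be compared on the same footing. The function names, the 95-character printable set, the 2048-word list and the per-component bit split for the mutated word (taken from the XKCD comic the thread cites) are assumptions of this example.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

def bits_uniform(choices: int, length: int = 1) -> float:
    """Bits of entropy for `length` independent picks, each uniform over `choices`."""
    return length * math.log2(choices)

def worst_case_seconds(bits: float, guesses_per_sec: float) -> float:
    """Time to try every candidate in a 2**bits space at the given rate."""
    return 2 ** bits / guesses_per_sec

# Assumed split for "Tr0ub4dor&3" when the attacker knows the recipe
# (dictionary word, then predictable mutations), as in the cited comic.
MUTATED_WORD_BITS = {
    "uncommon base word": 16, "capitalisation": 1, "common substitutions": 3,
    "punctuation": 4, "numeral": 3, "suffix order": 1,
}

def compare_models(guesses_per_sec: float = 1000) -> dict:
    """Return {model: (bits, worst-case seconds)} for each attacker model."""
    models = {
        # Attacker guesses word + mutations, not raw characters.
        "mutated_word": float(sum(MUTATED_WORD_BITS.values())),
        # Same 11 characters attacked blindly, one printable char at a time.
        "per_char_11": bits_uniform(95, 11),
        # Attacker guesses whole words; words picked at random from 2048.
        "four_words_2048": bits_uniform(2048, 4),
        # Whole-word guessing against the 250,000-word figure in the thread.
        "four_words_250k": bits_uniform(250_000, 4),
    }
    return {name: (b, worst_case_seconds(b, guesses_per_sec))
            for name, b in models.items()}

def humanize(seconds: float) -> str:
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"

if __name__ == "__main__":
    for name, (bits, secs) in compare_models().items():
        print(f"{name:16s} {bits:5.1f} bits  {humanize(secs)}")
```

The figures hold only when the words or characters are chosen uniformly at random; a phrase a user picks personally sits in a much smaller space than the model assumes.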