Why Graphical Passwords are a Stupid Idea.
Graphical password authentication schemes like Passfaces, Graphical Password and Picture Password are starting to surface, but are they really the great idea corporations are making them out to be? The short answer is no. Why? Well, there are two main reasons they were created:
- To thwart Keyloggers
- To make passwords easier to remember.
Both of which are just silly. Let's start with reason #1: "To thwart keyloggers". A keylogger records the keystrokes you make. OK, so if we had to use a mouse instead, what difference does that make from a keyboard? There are programs on the market now that record mouse movements and clicks, and if you combine that with screen captures (even just a small area around the cursor, to save space) the logger has exactly which picture was clicked, in which order. The "keylogger-proof" claim only holds against a logger that hooks the keyboard alone; an attacker who already runs code on your machine can hook the mouse and the screen just as easily. So for myth #1: Busted!
Reason #2: To make passwords easier to remember.
OK, now that we have busted myth #1, what about #2, making passwords easier to remember? The fact is that if you had to remember 8 pictures in order it would be harder than remembering 12 random characters. Why? Because of the detail involved: you have to recall which pictures and in what order, not just recognise one of them. Also, what about going from site to site, app to app, or even OS to OS? At least with a keyboard you have a definitive character set, so moving from place to place doesn't mean a different set of icons. It would be like using a US keyboard and then switching to a Chinese keyboard. See... Myth #2: Busted!
But it doesn't stop there; there are many other flaws:
You are far more susceptible to "shoulder surfers" (people looking over your shoulder): with a keyboard you can shield it, and you type a lot faster than you can click on icons, so the secret is visible on screen for longer. Graphical passwords are slower to input, harder to remember, and have a smaller "character set" (a handful of images per screen versus 95 printable ASCII characters per keystroke), which makes them less secure than text-based passwords. "Text passwords" still kick graphical passwords in the behind.
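To put numbers on the "smaller character set" point, here is an added example (mine, not code from the original post or from any of the products it names) that compares the search space of text passwords with two graphical layouts. The layouts are assumptions for illustration only: a Passfaces-style login of 5 rounds each picking 1 of 9 faces, and an 8-picture ordered sequence from a 30-image panel. The guess rate of 10 per second stands in for a rate-limited online attacker.

```python
import math

# Constructed scheme parameters (assumptions for illustration, not figures from the post).
# Each scheme is modelled as `length` choices, each from `alphabet` equally likely symbols.
SCHEMES = {
    "text, 8 chars, 95 printable ASCII": (95, 8),
    "text, 12 chars, 95 printable ASCII": (95, 12),
    "graphical, 5 rounds x 1 of 9 faces (assumed Passfaces-style layout)": (9, 5),
    "graphical, 8 pictures in order, 30-image panel, repeats allowed": (30, 8),
}


def space_bits(alphabet: int, length: int) -> float:
    """Entropy in bits of a uniformly chosen secret: log2(alphabet ** length)."""
    if alphabet < 2 or length < 1:
        raise ValueError("need at least two symbols and one position")
    return length * math.log2(alphabet)


def ordered_no_repeat_bits(panel: int, length: int) -> float:
    """Entropy when the pictures must be distinct: log2(panel P length)."""
    if length > panel:
        raise ValueError("cannot pick more distinct pictures than the panel holds")
    return math.log2(math.perm(panel, length))


def text_equivalent_length(bits: float, alphabet: int = 95) -> float:
    """Number of uniformly random characters from `alphabet` with the same entropy."""
    return bits / math.log2(alphabet)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time for an attacker at the given rate to try every secret."""
    return 2 ** bits / guesses_per_second


def compare(schemes=SCHEMES, guesses_per_second: float = 10.0) -> list:
    """Return (name, bits, text-equivalent chars, days to exhaust) for each scheme."""
    rows = []
    for name, (alphabet, length) in schemes.items():
        bits = space_bits(alphabet, length)
        days = seconds_to_exhaust(bits, guesses_per_second) / 86400
        rows.append((name, round(bits, 1), round(text_equivalent_length(bits), 1), days))
    return rows


if __name__ == "__main__":
    for name, bits, chars, days in compare():
        print(f"{name}: {bits} bits ~ {chars} random chars, {days:.3g} days at 10 guesses/s")
    # Requiring distinct pictures shrinks the space further, not larger:
    print("8 distinct of 30, ordered:", round(ordered_no_repeat_bits(30, 8), 1), "bits")
```

The Passfaces-style layout comes out at under 16 bits, roughly two and a half random printable characters, and an attacker allowed ten guesses a second exhausts it in well under a day; the 8-character text password is over 52 bits. The exact figures depend on the assumed panel sizes, but the gap in alphabet size per "keystroke" dominates however the layout is tuned.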
Passwords are still the best way to keep something secure. Even higher-end biometrics like retina or iris scanners are not as good as a strong password, although for usability they are very good.
Steven
iory said,
June 11, 2007 @ 3:56 pm
You have not understood well what the purpose of developing such a scheme is... Compared with the traditional alphanumeric password it is far better than the traditional one. Besides, there is much more research currently being applied to solve the shoulder surfing and keylogger attacks... Did you read more on the password memorable space in the graphical password scheme? If not yet... better do it before forwarding your stupid comments...
As for "easier to remember", here is the point: can you remember this word, uoyevoli (iloveyou), as your password? Definitely it is hard to remember because it is hard to recall... So how many passwords have you created before in order to make it easy for you to remember? By using graphical passwords it is easy for you to recall because, according to the research done before, it is easy to recall and recognise a previously seen image. This is great because you will not face the problem of remembering your created password. Additionally, please compare the memorable space that one graphical password scheme can provide with the alphanumeric password...