  1. #1
    Senior Member fred_fish's Avatar
    Join Date
    Sep 2009
    Posts
    1,972

    Default Windows 8 to feature image sign-on system

    http://www.bbc.co.uk/news/technology-16247659

    "The permutations of taps, touches and circles that could be drawn on a picture was likely to be far higher than those available from text-based passwords, said Prof Alan Woodward from the department of computing at the University of Surrey."
    In theory, maybe, in practice, I doubt it.
    And much easier to shoulder surf.
    Burning all the diaries
    I'm just helping with inquiries
    Here at Lost and Found
    Another day above the ground

  2. #2
    Generic Member The Error Guy's Avatar
    Join Date
    Apr 2008
    Location
    Wellington
    Posts
    3,602

    Default Re: Windows 8 to feature image sign-on system

    It's not more secure as far as combinations go but more secure on a user level, e.g. we take this passphrase here: Ch0col@t3 several hundred thousand combinations but hard to remember, therefore the user opts for a simpler phrase such as chocolate. A visual and kinetic passphrase such as Google's pattern and M$'s new face ID thing can be more complex yet easy to remember.

    I didn't describe this well, someone on neowin did an excellent explanation, I'll try to find

    EDIT: Part of explanations

    You can swipe up, down left and right.. BUT do you actually know how long or the type of swipe, is it slow, is it fast.. is it light pressure is it hard pressure.. does the gesture have any pauses.. that adds INFINITE possibilities.. besides.. as I said.. it's NEW as it matures they WILL find better ways to make it work, it's not about security (most people don't even lock the phone) it's about convenience and giving users what THEY want to use THEIR phone!
    That is because we are focused on making "Hard to remember, easy for computers to guess" passwords. Encourage your users to come up with a non-sequitur phrase, they likely will have an easier time remembering it, and it will likely also have greater entropy than many of these hard to remember combinations. To steal from XKCD

    We'll take a word (Troubador) and mutate it: Tr0ub4dor&3
    This has ~28 bits of entropy, and would take at most 3 days to guess at 1000 guesses/sec, and is going to be hard for most to remember

    Now, let's get the non-sequitur "correct horse battery staple"

    Even though we have fewer types of characters, we have a higher entropy, in fact our entropy is now ~44 bits, which would take at most 550 YEARS to guess at 1000 guesses/sec, so it's harder for a computer to brute force. Now what about memorization? Odd phrases seem to have a way of clinging to your mind, and I think you'll find this is much easier to remember

    Required XKCD reading:
    http://xkcd.com/936/
    http://xkcd.com/538/

    /Explanation

    So, easy to remember with lots of data to crack... the thing is no matter how slim the chances of cracking a password are... probability states that it could happen the first time
    Last edited by The Error Guy; 23-12-2011 at 02:41 AM.
    The Master Of Deception


    >~~ i7 Sandy Bridge 2630QM 2.0GHz ~~ 4GB RAM ~~ATI 6770M 1Gb~~ 640gb Pri HDD 1tb Secnd~~<

  3. #3
    Senior Member fred_fish's Avatar
    Join Date
    Sep 2009
    Posts
    1,972

    Default Re: Windows 8 to feature image sign-on system

    Quote Originally Posted by The Error Guy View Post
    It's not more secure as far as combinations go but more secure on a user level, e.g. we take this passphrase here: Ch0col@t3 several hundred thousand combinations but hard to remember, therefore the user opts for a simpler phrase such as chocolate. A visual and kinetic passphrase such as Google's pattern and M$'s new face ID thing can be more complex yet easy to remember.

    I didn't describe this well, someone on neowin did an excellent explanation, I'll try to find

    EDIT: Part of explanations

    You can swipe up, down left and right.. BUT do you actually know how long or the type of swipe, is it slow, is it fast.. is it light pressure is it hard pressure.. does the gesture have any pauses.. that adds INFINITE possibilities.. besides.. as I said.. it's NEW as it matures they WILL find better ways to make it work, it's not about security (most people don't even lock the phone) it's about convenience and giving users what THEY want to use THEIR phone!
    Yes, that's the theory. In practice though, there will need to be a fairly large fudge factor to account for differences in each entry, no two attempts will be pixel perfect, and remember the goal is ease of use not security.
    Also, when presented with faces, as per the example, I'm guessing there will be a surprisingly small range of actions chosen by a given sample of users, the nose to nose swipe, poking the eyes or drawing a smileyface over the top.
    That is because we are focused on making "Hard to remember, easy for computers to guess" passwords. Encourage your users to come up with a non-sequitur phrase, they likely will have an easier time remembering it, and it will likely also have greater entropy than many of these hard to remember combinations. To steal from XKCD

    We'll take a word (Troubador) and mutate it: Tr0ub4dor&3
    This has ~28 bits of entropy, and would take at most 3 days to guess at 1000 guesses/sec, and is going to be hard for most to remember

    Now, let's get the non-sequitur "correct horse battery staple"

    Even though we have fewer types of characters, we have a higher entropy, in fact our entropy is now ~44 bits, which would take at most 550 YEARS to guess at 1000 guesses/sec, so it's harder for a computer to brute force. Now what about memorization? Odd phrases seem to have a way of clinging to your mind, and I think you'll find this is much easier to remember
    This assumes the cracking algorithms are using the brute force 'per character' method. A simple attempt with an algorithm using whole dictionary words renders this approach almost trivial to crack. In fact there are tools that run through this type of crack as a 'quick' first step, before moving on to the 'standard' brute force method (probably due to the xkcd publicity and the debates it generated)
    Burning all the diaries
    I'm just helping with inquiries
    Here at Lost and Found
    Another day above the ground

  4. #4
    Junior Member SP8's's Avatar
    Join Date
    Feb 2006
    Location
    Dunedin
    Posts
    2,391

    Default Re: Windows 8 to feature image sign-on system

    Only real way to protect it will be DNA testing ... you'll have to provide a blood sample to get into Windows 9 ...

  5. #5
    Where is Metla these days Chilling_Silence's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    17,146

    Default Re: Windows 8 to feature image sign-on system

    Meh, we've had that sorta unlock thing in Android for a while now, though usually it's used to launch an app, such as drawing a "C" will launch the Camera immediately for example...
    I mostly do Bitcoin & DigiByte things these days, feel free to say hi on Twitter: https://twitter.com/dgb_chilling

    Before you ask a question here, or before you get upset by a response, see here:
    http://www.catb.org/~esr/faqs/smart-...ons.html#intro

  6. #6
    Senior Member
    Join Date
    Jan 2009
    Posts
    170

    Default Re: Windows 8 to feature image sign-on system

    The English language has 250,000 distinct words (Oxford dictionary), 250,000^4 is 3,906,250,000,000,000,000,000 permutations. That will take some serious computer power to crack.
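
The figures quoted in posts #2, #3 and #6, worked through as an added example (not part of any post in this thread): it scores a passphrase under both a per-character model and a whole-word model and keeps the cheaper one. The 2048-word list size is the assumption behind XKCD 936's 11 bits per word; the character-class sizes and all function names are illustrative.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Pool size an attacker must cover for the character classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, counting the space
    return size

def per_char_bits(password):
    """Bits if every character were an independent uniform choice from the pool."""
    return len(password) * math.log2(charset_size(password))

def keyspace(n_words, dictionary_size):
    """Number of ordered n-word phrases from a dictionary (repeats allowed)."""
    return dictionary_size ** n_words

def word_bits(n_words, dictionary_size):
    return n_words * math.log2(dictionary_size)

def effective_bits(password, dictionary_size):
    """Strength against the cheapest model: whole words when the phrase is
    plain lowercase words, otherwise per-character brute force."""
    words = password.split()
    models = [per_char_bits(password)]
    if len(words) > 1 and all(w.isalpha() and w.islower() for w in words):
        models.append(word_bits(len(words), dictionary_size))
    return min(models)

def worst_case_years(bits, guesses_per_sec=1000):
    return 2 ** bits / guesses_per_sec / SECONDS_PER_YEAR

if __name__ == "__main__":
    phrase = "correct horse battery staple"
    for size in (2048, 250_000):  # XKCD's list size; post #6's dictionary size
        b = effective_bits(phrase, size)
        print(f"{size:>7}-word list: {b:5.1f} bits, {worst_case_years(b):.3g} years max")
    print(f"per-character model: {per_char_bits(phrase):.1f} bits")
    print(f"28-bit password: {worst_case_years(28) * 365.25:.1f} days max")
```

The whole-word figure only holds when the words are picked at random from the list; a phrase the user chose themselves can be far weaker than either model suggests.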

  7. #7
    Generic Member The Error Guy's Avatar
    Join Date
    Apr 2008
    Location
    Wellington
    Posts
    3,602

    Default Re: Windows 8 to feature image sign-on system

    Yup, I know there are holes in the theory but it does explain a bit of the working idea behind things. Basically the Windows pattern is easy to remember but theoretically more secure because (I believe) it uses pressure as well as speed of line drawing to authenticate as well as having lots of combinations
    The Master Of Deception


    >~~ i7 Sandy Bridge 2630QM 2.0GHz ~~ 4GB RAM ~~ATI 6770M 1Gb~~ 640gb Pri HDD 1tb Secnd~~<

  8. #8
    Awaiting Enlightenment R2x1's Avatar
    Join Date
    Dec 2004
    Location
    North Shore.
    Posts
    13,902

    Default Re: Windows 8 to feature image sign-on system

    All this from the company that promises us snappy voice recognition with each new OS - maybe they've given up on the spoken word due to the abbreviated vocabulary used when people speak to computers. Even should Windoze miraculously recognise the instructions, it is mechanically impossible to follow the commands.

    Unfortunately, when people gesture at Windoze computers, the range of gestures is pretty limited too.
    Entropy is not what
    it used to be.



  9. #9
    Frank and Earnest. Cicero's Avatar
    Join Date
    Dec 2004
    Location
    Waikanae
    Posts
    17,469

    Default Re: Windows 8 to feature image sign-on system

    Quote Originally Posted by R2x1 View Post
    All this from the company that promises us snappy voice recognition with each new OS - maybe they've given up on the spoken word due to the abbreviated vocabulary used when people speak to computers. Even should Windoze miraculously recognise the instructions, it is mechanically impossible to follow the commands.

    Unfortunately, when people gesture at Windoze computers, the range of gestures is pretty limited too.
    Why so sceptical, what has Bill done to you?

    Shown you what using your brain can do perhaps. I see that can hurt.
    "The life of the dead is placed in the memory of the living." Cicero

  10. #10
    Awaiting Enlightenment R2x1's Avatar
    Join Date
    Dec 2004
    Location
    North Shore.
    Posts
    13,902

    Default Re: Windows 8 to feature image sign-on system

    Possibly a case not so much of what Bill has done to me but more a case of Bill regularly promising a great deal and failing to deliver. MS Fax, any of the voice commands / recognition slushware, etc.

    (He has delivered a lot more updates, hot fixes and other bug-injecting downloadable mischief than I expected though )
    Entropy is not what
    it used to be.


