One of the largest security challenges many organizations face comes from the most basic aspect of security: user passwords. Humans simply have a limited capacity to remember otherwise insignificant strings of letters and digits; as a result, they often choose passwords that are easier to remember. Those memorable passwords, however, can fail in the face of dictionary attacks or guesses based on information such as birth dates or the names of family members. This week’s meeting of the Computer and Communications Security interest group of the Association for Computing Machinery saw the description of the latest attempt to balance security and obscurity: an improved form of the “Draw a Secret” method.
The basic concept behind Draw a Secret (DAS) is that humans excel at image recognition and memory, so “passwords” should be designed to leverage that ability. Initial implementations simply tracked the ability of people to use a stylus to draw a free-form shape on a touch-sensitive screen. But the people behind the new work have previously refined the technique by parsing the shapes with a flexible grid, which allowed them to more accurately recognize key features such as changes in the stroke’s direction. The primary limitation of this DAS system is the user’s ability to accurately redraw a complex shape from memory.
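The grid-based encoding described above, as an added illustration (not code from the researchers or any DAS implementation): strokes are quantized to a 5x5 grid, the direction changes along the path are counted, and only a hash of the resulting cell sequence is stored. The canvas size, cell size and sample strokes are assumptions constructed for the example.

```python
import hashlib

GRID = 5           # 5x5 grid, as in the original Draw a Secret scheme
CELL = 20          # assumption: 20-pixel cells on a 100x100 canvas
PEN_UP = (-1, -1)  # marker separating strokes in the encoded secret

def cell_of(x, y):
    """Quantize a canvas point to its (column, row) grid cell."""
    return (min(int(x // CELL), GRID - 1), min(int(y // CELL), GRID - 1))

def encode_drawing(strokes):
    """Encode a drawing (list of strokes, each a list of (x, y) points) as the
    ordered list of grid cells the pen visits, with PEN_UP after each stroke.
    Repeated points inside one cell collapse, so small hand jitter is ignored;
    a stroke hugging a cell boundary is the fragile case for re-entry."""
    encoded = []
    for stroke in strokes:
        last = None
        for x, y in stroke:
            c = cell_of(x, y)
            if c != last:
                encoded.append(c)
                last = c
        encoded.append(PEN_UP)
    return encoded

def direction_changes(encoded):
    """Count axis changes in the cell sequence, a stroke-direction feature of
    the kind the refined grid parser keys on (diagonal steps count as vertical)."""
    turns, prev_axis = 0, None
    for a, b in zip(encoded, encoded[1:]):
        if PEN_UP in (a, b):
            prev_axis = None
            continue
        axis = "h" if a[1] == b[1] else "v"
        if prev_axis and axis != prev_axis:
            turns += 1
        prev_axis = axis
    return turns

def secret_digest(strokes):
    """Store a hash of the encoded secret, never the raw drawing; a real
    deployment would add a per-user salt and a slow password hash."""
    text = ";".join(f"{c[0]},{c[1]}" for c in encode_drawing(strokes))
    return hashlib.sha256(text.encode()).hexdigest()

def verify(strokes, stored_digest):
    return secret_digest(strokes) == stored_digest

# Constructed sample: an "L" drawn down then right, and a jittered redraw of it.
ENROLLED = [[(10, 10), (10, 30), (10, 50), (30, 50), (50, 50)]]
REDRAWN = [[(12, 8), (11, 31), (9, 52), (29, 48), (51, 53)]]
OTHER = [[(10, 10), (30, 10), (50, 10)]]
```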
Graffiti, Security, Password