An interesting idea, but it sounds complicated (just to pick a password). "For each inkblot the user enters the first and last letter of their word: bd for bird and sd for shield. A set of 10 images creates a 20-character password that Microsoft Research has shown is easily memorized but hard to crack." The thing is, users have so many passwords to remember. They will memorize the ones that secure databases that are really important to them. All the rest will likely get written down somewhere, even if inkblots are involved.
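The derivation quoted above can be written out in a few lines. This is an added example, not code from Microsoft Research or Network World. It goes one step beyond the quote by estimating how many bits each inkblot contributes when many users give similar words; the function names and the survey words in `SAMPLE_BLOT` are constructed for illustration.

```python
import math
from collections import Counter

def inkblot_password(words):
    """First and last letter of each association word, concatenated."""
    parts = []
    for word in words:
        w = word.strip().lower()
        if not w.isalpha():
            raise ValueError(f"not a usable word: {word!r}")
        parts.append(w[0] + w[-1])  # a one-letter word yields that letter twice
    return "".join(parts)

def pair_entropy_bits(associations):
    """Shannon entropy, in bits, of the letter pair for ONE inkblot,
    measured over the words a group of users gave for that inkblot."""
    counts = Counter(inkblot_password([w]) for w in associations)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def scheme_bits(per_blot_associations):
    """Total bits across all inkblots. Assumption: answers to different
    inkblots are independent, so per-blot entropies simply add."""
    return sum(pair_entropy_bits(a) for a in per_blot_associations)

# Upper bound per inkblot: every one of the 26*26 letter pairs equally likely.
UNIFORM_BITS_PER_BLOT = math.log2(26 * 26)

# Constructed sample: words eight hypothetical users gave for the same inkblot.
SAMPLE_BLOT = ["bird", "bat", "butterfly", "bird", "mask", "bird", "bat", "shield"]

if __name__ == "__main__":
    print(inkblot_password(["bird", "shield"]))           # the quote's two words
    print(f"uniform bound : {UNIFORM_BITS_PER_BLOT:.2f} bits per inkblot")
    print(f"sample survey : {pair_entropy_bits(SAMPLE_BLOT):.2f} bits per inkblot")
    print(f"10 such blots : {scheme_bits([SAMPLE_BLOT] * 10):.1f} bits")
```

The gap between the uniform bound and the measured figure is what a designer of such a scheme has to check: a 20-character result is only as strong as the variety of words users actually see in each image.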
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
... and those that don't get memorized...
I agree, and most systems now have the ability to either reset your password if you don't remember it, or will e-mail you your password if you forget it.
I remember the passwords for systems and Web sites that I use every day, but for non-occasional site passwords, if I can't remember it I just hit the "forgot password?" link and either get a new one that I change later, or have the password e-mailed to me.
Not for the super-secure systems, of course, just different Web sites that I have registrations for...
but..
If they implement this on a Windows machine how will you get the email?
Visual "Q"
It's visual cues, not "visual queues", you twonks.
cue: "a hint; intimation; guiding suggestion."
queue: "a file or line, esp. of people waiting their turn."
fixed
fixed
It's the link with SSO that's interesting, not just the inkblots
The inkblot research is four years old, but linking it with Web-based single sign-on (SSO) is where users see benefit.
You create ONE really strong password using the inkblots and use it to log into an OpenID provider and then the OID provider validates your authentication to any OID-compliant site on the Web where you have a password-protected account (not just MS sites).
That means you don't have to create a password for each Web site you visit because the Web site trusts the OID provider to do that authentication. So the benefit is you don't have all those passwords for different sites. You don't have to do the "remember password" thing and then have the password in clear text stored in your in-box folder.
Of course, the one password system requires the user have a strong password (hence the inkblot method) because it is a single point of failure. If someone cracks that password they can get into all your accounts.
For this marriage to be effective, however, OID has to become more widely accepted. It is picking up steam, MS supports it in CardSpace, and version 2.0 of OpenID was just released.
Also, inkblot has to become more than a research project. But for now, the testing will show if this has legs or if it needs to go back to the drawing board.