Microsoft Research is investigating whether the inkblot is a better idea than the sticky note when it comes to remembering passwords that aren’t easy for others to crack.
Researchers Jeremy Elson and Jon Howell, who work in the distributed systems and security group at Microsoft Research, have revived a project that uses inkblots, similar to the way Rorschach Inkblot tests are used, as visual cues to help users create and remember passwords.
On Monday, Microsoft Research opened a public Web-based project called InkblotPassword.com.
The Web site lets users create a password using a series of random inkblots and a formula to select letters. The user associates a word with the inkblot that corresponds to what they see in the image, such as a bird or a shield. InkblotPassword.com currently has 1,000 inkblots in its database.
For each inkblot the user enters the first and last letter of their word: bd for bird and sd for shield. A set of 10 images creates a 20-character password that Microsoft Research has shown is easily memorized but hard to crack. In fact, after a period of time many users remember the password without having to consult the inkblots, according to the research first conducted in 2004.
Typically such random and hard-to-guess passwords have been written down by users, on such things as sticky notes, and left by their terminals. Or users create weak passwords and use them over and over again at different Web sites.
Microsoft aims to change that by marrying strong passwords with Web-based single sign-on technology.
Microsoft’s project combines the inkblot research with the OpenID protocol, which is used to create single sign-on for Internet users. Version 2.0 of the OpenID protocol was released on Tuesday. In February, Microsoft announced support of OpenID.
With an OpenID, users can sign in once to an OpenID provider and then use that authentication to access any Web site that supports OpenID. Passwords that control the single sign-on can now be created with inkblots.
In addition, Microsoft is operating InkblotPassword.com as an OpenID provider so users also can use it as their single sign-on hub.
“If we wanted to get people to try out a new authentication scheme the best way to immediately apply it to a large number of Web sites, in sort of this research context, would be to make it an OpenID server,” said Elson.
Comments (6)
but..
By Anonymous on December 7, 2007, 1:35 pm
If they implement this on a Windows machine how will you get the email?
It's the link with SSO that's interesting, not just the inkblots
By John Fontana on December 6, 2007, 2:46 pm
The inkblot research is four years old, but linking it with Web-based single sign-on (SSO) is where users see benefit. You create ONE really strong password using...
fixed
By Anonymous on December 6, 2007, 1:37 pm
fixed
Visual "Q"
By Michael D. on December 6, 2007, 4:01 am
It's visual cues, not "visual queues", you twonks. cue: "a hint; intimation; guiding suggestion." queue: "a file or line, esp. of people waiting their turn."
... and those that don't get memorized...
By Keith Shaw on December 5, 2007, 5:58 pm
I agree, and most systems now have the ability to either reset your password if you don't remember it, or will e-mail you your password if you forget it. I remember...