In my last two columns, I’ve been looking at the pervasive problems we have in the security field in overcoming natural human tendencies to misjudge risk. In particular, I’ve pointed out that the well-known and documented tendency of normal people to write down passwords is a consequence of deep-seated difficulties we face in our in-built abilities to interpret and manage risk.
When I was reconnecting recently with an old friend from my NCSA (National Computer Security Association) days in the 1990s, I visited her employer’s Web site and found an interesting method for helping users avoid writing down their passwords (or choosing bad ones or even sharing them casually): Passfaces.
This software allows users to pick out recognizable faces that will authenticate them to their systems. Perhaps the best introduction is to look at the “Online User Manual” posted about the free “Passfaces Personal” product that anyone can download and try.
The basic idea is that a user sets up an array of photographs and puts some familiar ones into the pool to use as keys: the faces of people the user recognizes. The software then produces a 3-by-3 grid of random selections that includes one of the key pictures. The user picks out the familiar picture and then repeats the exercise twice more, each time with a new set of eight strangers and one friend, to complete authentication.
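The challenge flow described above, sketched as an added example (not Passfaces code): it builds three 3-by-3 grids with one key face each, verifies the picks, and computes how often a blind guess passes, which is the number to weigh when setting a lockout threshold. The face identifiers, pool size and function names are hypothetical.

```python
import secrets
from fractions import Fraction

GRID = 9     # faces per 3-by-3 grid, as described in the article
ROUNDS = 3   # one key face per grid, three grids per login

# Constructed sample data: three enrolled key faces and a pool of strangers.
KEY_FACES = ["friend-a", "friend-b", "friend-c"]
DECOY_POOL = [f"stranger-{i:02d}" for i in range(40)]

_rng = secrets.SystemRandom()  # CSPRNG, so grid layout is not predictable


def build_challenge(key_faces, decoy_pool):
    """Return ROUNDS grids, each with one key face and eight decoys."""
    need = ROUNDS * (GRID - 1)
    if len(key_faces) != ROUNDS or len(decoy_pool) < need:
        raise ValueError("need 3 key faces and at least 24 decoys")
    decoys = _rng.sample(decoy_pool, need)   # a new set of strangers per grid
    grids = []
    for i, key in enumerate(_rng.sample(key_faces, ROUNDS)):
        grid = decoys[i * (GRID - 1):(i + 1) * (GRID - 1)] + [key]
        _rng.shuffle(grid)                   # key position uniform over 9 cells
        grids.append(grid)
    return grids


def verify(grids, picks, key_faces):
    """picks are grid positions 0-8; every round must land on a key face."""
    if len(picks) != len(grids):
        return False
    ok = True
    for grid, pick in zip(grids, picks):
        # Check every round so a failure does not reveal which one was wrong.
        ok &= 0 <= pick < GRID and grid[pick] in key_faces
    return ok


def blind_guess_probability(rounds=ROUNDS, grid=GRID):
    """Chance that picking one cell at random per grid passes all rounds."""
    return Fraction(1, grid ** rounds)


def guess_within(attempts):
    """Chance that at least one of `attempts` random logins succeeds."""
    return 1 - (1 - blind_guess_probability()) ** attempts
```

With three rounds of nine faces a single blind guess succeeds 1 time in 729, so the scheme depends on limiting failed attempts in the same way a short PIN does.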
Versions are available for Windows, for Web-site access control and for financial applications.
Passfaces offers a number of useful case studies and good PDF brochures about its products. I especially liked their white paper on “The Science Behind Passfaces,” which explains how human beings are particularly good at recognizing faces; indeed, it seems that we have special circuits that have evolved for rapid and accurate perception of faces.
The paper cites the following as advantages of “using Passfaces over passwords” (quoting the list exactly):
* Can’t be written down or copied
* Can’t be given to another person
* Can’t be guessed
* Involve cognitive not memory skills
* Can be used as a single or part of a dual form of authentication
Re: Nightmare to implement
By Steve Morck on January 17, 2008, 11:23 am
I wanted to comment on the issue of implementation and user acceptance. First, I would agree that forcing users to choose 3 challenge questions was probably a difficult...
Passfaces and Shoulder Surfing
By Steve Morck on January 16, 2008, 11:13 am
Passfaces Personal users can utilize the numeric keyboard to select their faces rather than the mouse. If you’ll notice, the 3x3 grid maps nicely to a numeric keypad...
Wow! This is really great. I
By Eliza on October 15, 2007, 11:56 am
Wow! This is really great. I haven't heard until now about this method of authentication. I think it's really great and also it is more secure than other methods...
Good idea but a nightmare to implement
By Shasikanth on October 11, 2007, 10:21 am
We had once tried to get our users to register 3 secret questions that we could use to authenticate when requesting password changes and I remember what a nightmare it...
RE: Password management: Facing the problem
By Anonymous on October 11, 2007, 9:19 am
This method does not seem to cover the issue of shoulder surfing.