Saturday, April 13, 2013

On improving password security

It occurs to me that password security could be simply but greatly enhanced if the systems were to consider not only what we type but how we type it. I just had one of those strange standing-outside-yourself moments as I watched my hands entering my password for WoW, and realized that the way I type is nearly as distinctive as what I typed. A system that ignored the letters and paid attention to the "granularity" of my typing (speed, hesitations, keystrokes that run together) would identify me pretty well too. My WoW password is:

one two, three, four-five-six, seven, eight-nine ten

Anybody who had discovered the letters of my password and was typing while reading them would be typing very differently indeed, probably:

one two three, four five six, seven eight nine, ten

Not even remotely a match.

Software companies: start your engines.
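A sketch of the idea above, added here as an illustration and not written by the post's author: each gap between key presses is classified as run-together, normal or pause relative to the median gap, and the result is compared with an enrolled pattern once the password itself has checked out. The function names, the 0.5 and 1.8 thresholds, the one-mismatch tolerance and all timings are assumptions constructed for the example.

```python
from itertools import accumulate
from statistics import median

RUN, NORMAL, PAUSE = "-", " ", ","   # same marks the post uses for its rhythm

def rhythm(key_times_ms, run_ratio=0.5, pause_ratio=1.8):
    """Classify each inter-key gap relative to the median gap, so overall
    typing speed cancels out. The ratios are assumed, untuned thresholds."""
    gaps = [b - a for a, b in zip(key_times_ms, key_times_ms[1:])]
    if not gaps or min(gaps) <= 0:
        raise ValueError("need at least two strictly increasing timestamps")
    mid = median(gaps)
    return "".join(
        RUN if g < run_ratio * mid else PAUSE if g > pause_ratio * mid else NORMAL
        for g in gaps
    )

def render(pattern):
    """Write a 10-key pattern the way the post does: 'one two, three, ...'."""
    words = "one two three four five six seven eight nine ten".split()
    seps = {RUN: "-", NORMAL: " ", PAUSE: ", "}
    return words[0] + "".join(seps[p] + w for p, w in zip(pattern, words[1:]))

def rhythm_matches(enrolled, attempt, max_mismatches=1):
    """Second check, meant to run only after the password text has verified."""
    if len(enrolled) != len(attempt):
        return False
    return sum(a != b for a, b in zip(enrolled, attempt)) <= max_mismatches

def times(gaps_ms):
    """Turn a list of gaps into key-press timestamps starting at 0 ms."""
    return [0, *accumulate(gaps_ms)]

# Constructed sample timings (milliseconds), not measurements.
OWNER_ENROLL = times([200, 450, 450, 70, 70, 450, 450, 70, 200])
OWNER_LATER = times([230, 560, 500, 90, 80, 520, 570, 85, 250])   # slower, jittery
READER = times([250, 250, 700, 250, 250, 700, 250, 250, 700])     # typing while reading

if __name__ == "__main__":
    enrolled = rhythm(OWNER_ENROLL)
    for name, sample in [("owner, later", OWNER_LATER), ("reader", READER)]:
        p = rhythm(sample)
        print(f"{name:13} {render(p)!r:58} match={rhythm_matches(enrolled, p)}")
```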

2 Comments:

Blogger Unknown said...

I do the same with my mobile number - I see it as xxxx xx x xx xx, not xxxxxxxxxxx. Maybe we break this stuff down into 'words'?

May 10, 2013 at 3:13:00 p.m. GMT+2  
Blogger Zhoen said...

I have to have such complex passwords at work, it would be lovely if they took my usual errors in typing as well. Like the VF is sometimes a bit fuzzy, close enough.

I learned to do a strong code by thinking about TYWKIWDBI. Get a phrase, with a potential number and punctuation, and hit the first letters, with whatever #s suggest, that sort of thing. Still sucks. I like your idea better.

May 23, 2013 at 3:31:00 a.m. GMT+2  
