Tactile Passwords vs Shoulder Surfing
holy_calamity writes "Entering passwords using a tactile interface would remove two of the main vulnerabilities of using keyboards and alphanumeric passwords, say UK researchers. They're using sequences of tactile icons on a VTPlayer tactile mouse instead. Shapes are displayed using the 16-pin tactile displays under the user's fore and middle fingers. As well as being almost impossible for anyone else to observe, tactile passwords can't be guessable in the same way as many conventional ones, they say. A video shows it all in action." Not that the video really helps explain it very well.
Re:special tactile mouse needed .. (Score:4, Insightful)
Er... (Score:3, Insightful)
Cool though this tech is, there is nothing so clever that fools can't render it worthless.
Re:special tactile mouse needed .. (Score:3, Insightful)
Actual PIN is 1234
Standard keypad layout
789
456
123
The screen shows
251
369
847
You click on 8473. The next time round it's a different keypad layout.
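The mapping in the comment above, as an added example that is not part of the original post: each PIN digit is entered at its standard keypad position, and what gets recorded is the digit the scrambled screen shows there. The function names are hypothetical, and the sketch assumes the verifier remembers which layout it displayed for each attempt.

```python
import secrets

# Key positions of the standard keypad from the comment (top row first).
STANDARD = ["789", "456", "123"]


def random_layout():
    """Fresh on-screen layout: digits 1-9 shuffled into three rows."""
    digits = list("123456789")
    secrets.SystemRandom().shuffle(digits)
    return ["".join(digits[i:i + 3]) for i in (0, 3, 6)]


def _translate(text, src, dst):
    """Replace each digit by the digit at the same key position in dst."""
    flat_src, flat_dst = "".join(src), "".join(dst)
    out = []
    for ch in text:
        pos = flat_src.find(ch)
        if pos == -1:  # e.g. '0', which this 3x3 keypad does not carry
            raise ValueError(f"digit {ch!r} is not on the keypad")
        out.append(flat_dst[pos])
    return "".join(out)


def clicks_for_pin(pin, shown):
    """Digits the user ends up clicking for `pin` on the `shown` layout."""
    return _translate(pin, STANDARD, shown)


def pin_from_clicks(clicks, shown):
    """Verifier side: undo the mapping using the layout that was displayed.
    Anyone holding both the layout and the clicks can do the same."""
    return _translate(clicks, shown, STANDARD)


def replay_succeeds(observed_clicks, new_layout, real_pin):
    """Would clicks captured in one session pass under a different layout?"""
    return pin_from_clicks(observed_clicks, new_layout) == real_pin


if __name__ == "__main__":
    shown = ["251", "369", "847"]            # layout from the comment
    clicks = clicks_for_pin("1234", shown)   # what an observer records
    print("clicked:", clicks)
    print("decoded by verifier:", pin_from_clicks(clicks, shown))
    # Constructed second-session layout: the recorded clicks no longer match.
    print("replay works:", replay_succeeds(clicks, ["123", "456", "789"], "1234"))
```
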
Re:special tactile mouse needed .. (Score:3, Insightful)
Re:Shoulder surfing? (Score:3, Insightful)
My personal password policy: I have four kinds of passwords. The highest and most secure ones are for the work accounts and my financial institutions. The next ones are for the web merchants who know my mailing address and credit card numbers. The third kind is the one where there is no money involved and thus not attractive to hackers, like my webmail or Slashdot. The fourth one is for home network, the router, the DSL PPPoE account, home machines' administrator passwords.
No two accounts I have use exactly the same password. Even if a bent sys admin snags my password, he/she can't damage anything more than that account.
Re:special tactile mouse needed .. (Score:2, Insightful)
I can't help but think that it would take too long to find each individual key. I suppose they could just display the numbers that are in your PIN and perhaps put them in the correct order so that it would be easier to find them.
Why don't they ask for just 2 or 3 numbers from your PIN, like the way they do on online banking systems? Works well for me...
Re:Conflict (Score:2, Insightful)
It seems to me that this method does protect from keyloggers. First, you'd need a mouselogger, since login isn't done via keyboard. But the thing is you'd need access to the piece of memory that maps the 9 squares to different tactile patterns, because the mapping changes each time. In short, you'd need root access to the machine, and then you don't need to guess the password anymore...
Re:Impossible? (Score:3, Insightful)