Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Tactile Passwords vs Shoulder Surfing 115

Posted by CmdrTaco from the does-that-eve-nwork dept.
holy_calamity writes "Entering passwords using a tactile interface would remove two of the main vulnerabilities of using keyboards and alphanumeric passwords say UK researchers. They're using sequences of tactile icons on a VTPlayer tactile mouse instead. Shapes are displayed using the 16-pin tactile displays under the user's fore and middle fingers. As well as being almost impossible for anyone else to observe, tactile passwords can't be guessable in the same way as many conventional ones, they say. A video shows it all in action." Not that the video really helps explain it very well.
This discussion has been archived. No new comments can be posted.

Tactile Passwords vs Shoulder Surfing More

Tactile Passwords vs Shoulder Surfing

Comments Filter:

  • Re:special tactile mouse needed .. (Score:4, Insightful)

    by The Evil Couch ( 621105 ) on Monday October 09, 2006 @08:36AM (#16362805) Homepage
    However it would be clearly visible to anyone looking over your shoulder. Even more so that the tradition keyboard password entry.

  • Er... (Score:3, Insightful)

    by tygerstripes ( 832644 ) on Monday October 09, 2006 @08:47AM (#16362885)
    Well... it is an interesting concept, and I like how they've made it work. Thing is, the problem is never the system, but the people using it. Shoulder-surfing shoudl be nigh-on impossible when the user touch-types at anything approaching a decent speed - it's the two-finger-jabbers who make it easy. The passwords themselves are only easy to guess because people are total gimps.

    Cool though this tech is, there is nothing so clever that fools can't render it worthless.

  • Re:special tactile mouse needed .. (Score:3, Insightful)

    by rs232 ( 849320 ) on Monday October 09, 2006 @08:51AM (#16362907)
    "However it would be clearly visible to anyone looking over your shoulder. Even more so that the tradition keyboard password entry."

    Actual pin is 1234

    Standard keypad layout ..

    789
    456
    123

    The screen shows ..

    251
    369
    847

    You click on 8473. The next time round it's a different keypad layout.

  • Re:special tactile mouse needed .. (Score:3, Insightful)

    by sxpert ( 139117 ) on Monday October 09, 2006 @09:11AM (#16363075)
    that pretty dumbass comment doesn't take into account that some people are blind, thus can't see the pretty pictures on the stupid screen

  • Re:Shoulder surfing? (Score:3, Insightful)

    by 140Mandak262Jamuna ( 970587 ) on Monday October 09, 2006 @09:16AM (#16363113) Journal
    What you just have one password? One password for all your accounts? The same password for the accounts in your work, for your accounts with your bank and brokerage account, and for the web mail and for the rarely visited "registration required" sites? That is insane.

    My personal password policy: I have four kinds of passwords. The highest and most secure ones are for the work accounts and my financial institutions. The next ones are for the web merchants who know my mailing address and credit card numbers. The third kind is the one where there is no money involved and thus not attractive to hackers like my webmail or slashdot. The fourth one is for home network, the router, the dsl PPPoE account, home machines administrator passwords.

    No two account I have use exactly the same password. Even if a bent sys admin snags my password, he/she cant damage anything more than account.

  • Re:special tactile mouse needed .. (Score:2, Insightful)

    by whyloginwhysubscribe ( 993688 ) on Monday October 09, 2006 @09:22AM (#16363171)
    Like an Optimus Keyboard [artlebedev.com]?
    I can't help but think that it would take too long to find each individual key. I suppose they could just display the numbers that are in your PIN and perhaps put them in the correct order so that it would be easier to find them.
    Why dont they ask for just 2 or 3 numbers from your PIN, like the way they do on online banking systems? Works well for me...

  • Re:Conflict (Score:2, Insightful)

    by mxolisi06 ( 1009567 ) on Monday October 09, 2006 @09:46AM (#16363439)
    I suppose the solution to this paradox is that the tactile mouse will display pointer only during tests, and in actual situations nothing will be observable.
    In actual situations, as the name "tactile" suggests, the user's fingers will lay on the pads, so nothing will be observable.

    The biggest flaw of this method is that it does nothing for keyloggers. Yea, maybe if your boss wants to know your password by peaking over your shoulder, it'll help. It won't help to protect you from your competitor or a black hat hacker who installed spyware on your PC.
    It seems to me that this method does protect from keyloggers. First, you'd need a mouselogger, since login isn't done via keyboard. But the thing is you'd need access to the piece of memory that maps the 9 squares to different tactile patterns, because the mapping changes each time. In short, you'd need root access to the machine, and then you don't need to guess the password anymore...

  • Re:Impossible? (Score:3, Insightful)

    by durnurd ( 967847 ) on Monday October 09, 2006 @10:49AM (#16364109) Homepage
    If you've got Superman trying to steal your password, I think you've got bigger problems than an insecure password.

Slashdot Top Deals

Old programmers never die, they just hit account block limit.

Close