|
Image files as passwords
I'm looking to build some new security features for a website which
will need stronger levels of password access, but I'm conscious from experience that users aren't very good with passwords and keep losing them or forgetting them so I don't want just bigger and better passwords. What I was wondering was whether image files would be better: 1. User is asked to upload an image and an access key to the website 2. The webserver takes the uploaded image, subtly modifies say 500 pixels by adjusting tone or hue a bit say so the image still looks OK to the eye 3. The server converts the image to a jpeg and saves a random start point from this file (away from the header) and say 500 characters on a database, plus a hashkey for the file itself. 4. The image is packed into a zip file which is password protected with the access key the user specified and sent to the user via email. 5. The user unpacks the image and saves it among other images (they can rename it too, and put it in a secure directory on their system if required). 6. When they need to authenicate themselves they upload the relevant image Note that the image is never shown on a website so it shouldn't be cached anywhere. This would have the benefit that the password image is easily recognisable to the user so easy for the user to remember whilst being difficult for a non-user to spot, it's also not obviously a password. It's almost impossible to hack from outside the users computer without a copy of the image - the data length is too big and too random for brute force attacks. The image can also be copied on to a memory card and used from other computers if needs be under the control of the user (like a house key essentially). The danger is that the computer or the memory card get stolen, or the images get copied, but even stolen it would blend in to other images on the system (personally I've got around 15,000 jpegs on this computer, but I could be unusual), or could be additionally secured or encrypted locally. Does any such system already exist? Does the server actually need to make modifications to the uploaded image or would a plain image do on its own? Are there any comments or am I just barking up the wrong tree? Saul |
Re: Image files as passwords
"Saul" <saul.dobney@dobney.com> writes:
> I'm looking to build some new security features for a website which > will need stronger levels of password access, but I'm conscious from > experience that users aren't very good with passwords and keep losing > them or forgetting them so I don't want just bigger and better > passwords. What I was wondering was whether image files would be better: They can lose the image files too, so you may as well use passwords. If you want something better than passwords, use hardware tokens. Paypal is selling those for $5 now, so they must have found a cheap source of them. http://blog.washingtonpost.com/secur...aud_token.html |
Re: Image files as passwords
On 22 Feb, 12:45, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> "Saul" <saul.dob...@dobney.com> writes: > > I'm looking to build some new security features for a website which > > will need stronger levels of password access, but I'm conscious from > > experience that users aren't very good with passwords and keep losing > > them or forgetting them so I don't want just bigger and better > > passwords. What I was wondering was whether image files would be better: > > They can lose the image files too, so you may as well use passwords. > If you want something better than passwords, use hardware tokens. > Paypal is selling those for $5 now, so they must have found a cheap > source of them. The problem with good secure passwords is they are eminently forgettable as our current users keep demonstrating - so they either pick weak or simple passwords or keep chasing us for password help, so I want something easier without losing password strength for an application where we really do want better levels of security. Oh and as we're just a smigeon smaller than eBay/Paypal hardware solutions aren't really available to us. Saul |
Re: Image files as passwords
On Feb 22, 6:33 am, "Saul" <saul.dob...@dobney.com> wrote:
> 1. User is asked to upload an image and an access key to the website > Does any such system already exist? Does the server actually need to > make modifications to the uploaded image or would a plain image do on > its own? truecrypt http://www.truecrypt.org/docs/?s=encryption-scheme (click on the highlighted word 'keyfiles') has a similar system in which they use a 'keyfile' in addition to or in place of a password any file can be used as a keyfile, (so any image file selected by the user is ok) in your setup, the server does not need to modify the image, (just hash it [sha-512 should be fine] ) and keep the hash to verify that the image file is unaltered) but the users have to be cautioned to use only an image that has not been e-mailed, posted, or otherwise 'leaked' and to safeguard that image as if it were an actual key vedaal |
Re: Image files as passwords
"Saul" <saul.dobney@dobney.com> writes:
> The problem with good secure passwords is they are eminently > forgettable as our current users keep demonstrating - so they either > pick weak or simple passwords or keep chasing us for password help, so > I want something easier without losing password strength for an > application where we really do want better levels of security. If they have to keep an image file around, why not just use a password. How about giving them a card with a password printed on it. > Oh and as we're just a smigeon smaller than eBay/Paypal hardware > solutions aren't really available to us. The stuff isn't that expensive. |
Re: Image files as passwords
"Saul" <saul.dobney@dobney.com> (07-02-22 03:33:42):
> I'm looking to build some new security features for a website which > will need stronger levels of password access, but I'm conscious from > experience that users aren't very good with passwords and keep losing > them or forgetting them so I don't want just bigger and better > passwords. What I was wondering was whether image files would be > better: > > [...] > > Note that the image is never shown on a website so it shouldn't be > cached anywhere. I disagree about the security of pictures. What's the probability that the image is not a copy taken from a web-site, an image shot by camera and uploaded to Imageshack, etc.? Like users tend to use their pets' names or their birthdays as passwords, they will google up a cool image and use that one. But what concerns me more about this concept: Even more likely, they will present them to friends: "Hey look, this is my password!", just to impress them. The story goes further. Users go, "What? You can use images as passwords? Cool!", so they'll do the same, which builds up a large network of cool users using cool pictures for authentication. Cool, ain't it? Take another approach. Build a CA (which is as simple as generating a self-signed certificate). The users need to generate certificates, which are transferred to the server and signed by it. Only users with a signed certificate will be let in. This also eliminates the need to authenticate explicitly, since you can save the certificate in the browser, so it presents it to the server automatically. Another interesting feature of this concept is that users can prove they are users of your service to others by presenting their certificate, if this is of any use. > This would have the benefit that the password image is easily > recognisable to the user so easy for the user to remember whilst being > difficult for a non-user to spot, it's also not obviously a password. > It's almost impossible to hack from outside the users computer without > a copy of the image - the data length is too big and too random for > brute force attacks. The image can also be copied on to a memory card > and used from other computers if needs be under the control of the > user (like a house key essentially). All this can be done with a certificate as well, with the additional benefit that users don't even have the desire to share it. > The danger is that the computer or the memory card get stolen, or the > images get copied, but even stolen it would blend in to other images > on the system (personally I've got around 15,000 jpegs on this > computer, but I could be unusual), or could be additionally secured or > encrypted locally. No problem with certificates. The corresponding private key is encrypted using a passphrase by default, and you can use the same certificate to identify to different services without a security risk. Just add additional signatures to it. > Does any such system already exist? Does the server actually need to > make modifications to the uploaded image or would a plain image do on > its own? Are there any comments or am I just barking up the wrong > tree? Probably barking up the wrong tree. Never use personal things as authentication secrets, because they aren't secret. On requesting an image, a lot of users will upload an image of themselves. Why? Because it's an `identification' image. Or just because the image represents themselves. Like authentication in real world is done by looking at the person. Remember: Users are dumb. Regards, E.S. |
Re: Image files as passwords
On 22 Feb 2007 03:33:42 -0800, "Saul" <saul.dobney@dobney.com> wrote:
>I'm looking to build some new security features for a website which >will need stronger levels of password access, but I'm conscious from >experience that users aren't very good with passwords and keep losing >them or forgetting them so I don't want just bigger and better >passwords. What I was wondering was whether image files would be >better: > >1. User is asked to upload an image and an access key to the website > >2. The webserver takes the uploaded image, subtly modifies say 500 >pixels by adjusting tone or hue a bit say so the image still looks OK >to the eye > >3. The server converts the image to a jpeg and saves a random start >point from this file (away from the header) and say 500 characters on >a database, plus a hashkey for the file itself. > >4. The image is packed into a zip file which is password protected >with the access key the user specified and sent to the user via email. > >5. The user unpacks the image and saves it among other images (they >can rename it too, and put it in a secure directory on their system if >required). > >6. When they need to authenicate themselves they upload the relevant >image > >Note that the image is never shown on a website so it shouldn't be >cached anywhere. > >This would have the benefit that the password image is easily >recognisable to the user so easy for the user to remember whilst being >difficult for a non-user to spot, it's also not obviously a password. >It's almost impossible to hack from outside the users computer without >a copy of the image - the data length is too big and too random for >brute force attacks. The image can also be copied on to a memory card >and used from other computers if needs be under the control of the >user (like a house key essentially). > >The danger is that the computer or the memory card get stolen, or the >images get copied, but even stolen it would blend in to other images >on the system (personally I've got around 15,000 jpegs on this >computer, but I could be unusual), or could be additionally secured or >encrypted locally. > >Does any such system already exist? Does the server actually need to >make modifications to the uploaded image or would a plain image do on >its own? Are there any comments or am I just barking up the wrong >tree? > > > >Saul Not a bad idea, but you do appreciate that a JPG file uses compression so any altered pixels are not necessarily the same after the image is saved. -- Jim Watt http://www.gibnet.com |
Re: Image files as passwords
Jim Watt wrote:
> Not a bad idea, but you do appreciate that a JPG file uses compression > so any altered pixels are not necessarily the same after the image is > saved. I think it's OK if they're different, but there would be a problem if the compression caused the changes to be lost completely. --Mike Amling |
Re: Image files as passwords
On 22 Feb 2007 14:57:40 EST, Mike Amling <spamonly@allspam.com> wrote:
>> Not a bad idea, but you do appreciate that a JPG file uses compression >> so any altered pixels are not necessarily the same after the image is >> saved. > > I think it's OK if they're different, but there would be a problem if >the compression caused the changes to be lost completely. Compression does cause total loss of some data. The only way I see to use the file is to save it, and then use the saved file. If the file is ever resaved as a jpg, it would most likely be different. -- Zilbandy |
Re: Image files as passwords
If you have users too stupid to remember their own chosen passwords, or
you use rules that make it nearly impossible to create human-memorable passwords, then have the user use something like PasswordSafe. It's free at sourceforge.net. They will, however, have to remember the password that THEY choose to let them open PasswordSafe but they are reduced to having to remember just one password using their own rules. |
| All times are GMT. The time now is 12:22 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.