High tech: picture perfect?

Most people are incredibly lax about choosing and maintaining their computer passwords. Passwords are supposed to be chosen randomly and changed regularly--two things that few of us do. They also are supposed to be long. Most people, however, still use their own names, or pet names, or the name of a loved one. And then they write it down so that they can remember it. None of this is very safe computing behaviour, but considering few of us will actually force ourselves to remember long, complex passwords, software developers have taken it upon themselves to solve the problem. Pointsec Mobile Security (www.pointsec.com), for instance, has created something it calls PicturePIN--a technology that replaces PDA passwords with a sequence of graphic symbols that appear on the login screen. This allows users to compose a mnemonic story or phrase using the matrix of symbols, eliminating obvious names or words.

Because Pointsec's system only currently includes 13 symbols, it appears comparatively limited and, once you know the system, likely as easy to crack as word-driven passwords--after all, people are still likely to create a configuration of symbols that is easy to recall.

Researchers at Microsoft have taken the concept of using images to create a password a step further. The system they've created presents you with a random series of inkblots. You decide what each inkblot looks like to you, and then use the first and last letter of each word to create a password. For example, if you saw a fly, a dog, and a ladybug in three inkblots presented to you, your password would be fydglg. When you want to log in, the system shows you the same inkblots and you remember the words you thought of. As the researchers, Dan Simon and Adam Stubblefield, realized, "once we've identified the inkblot we see it the same way every time. And even though people sometimes see similar things in inkblots, they describe it in different ways." This makes passwords almost totally uncrackabe. For more information on the tests done to confirm how this worked, visit. research.microsoft.com/displayArticle.aspx?id=417.