Don't tell anyone your pass-art

January 06, 2002

The problem with remembering passwords is that they have to be exactly right. But studies show humans are not very good at precisely recalling things. What they are adept at is recognizing something they have already seen. In particular, humans have a strong ability to recognize images.

So a team of graduate students at the University of California at Berkeley is working on a project called Deja Vu, which asks users to base their passwords on computer-generated abstract art.

A user picks out a personal portfolio of five colorful images. The pictures are based on mathematical equations that assign a color to each pixel in the image.

When a user has to identify himself to a computer, a Web site or a bank ATM, these five images are shown among a set of 25 images. The user then picks out the pictures from his portfolio.

In tests, 90 percent of the people were able to use Deja Vu images successfully, while only about 70 percent remembered their passwords and PINs.

"We wanted to base security on something we're good at rather than something we are bad at," said Rachna Dhamija, who is working on Deja Vu along with Adrian Perrig and Dawn Song.

Computer security professionals like the difficulty of describing the abstract images in Deja Vu because it makes it harder to share passwords. But the Berkeley team discovered that this characteristic may annoy users. Apparently, people do not like keeping secrets -- even passwords -- to themselves.

-- New York Times News Service

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.