Posted on 4/20/2011, 3:41:25 PM by decimon
The combination of simple codes and Captchas, which are even more encrypted using a chaotic process, produces effective password protection
April 19, 2011
The passwords of the future could become more secure and, at the same time, simpler to use. Researchers at the Max Planck Institute for the Physics of Complex Systems in Dresden have been inspired by the physics of critical phenomena in their attempts to significantly improve password protection. The researchers split a password into two sections. With the first, easy to memorize section they encrypt a Captcha – an image that computer programs per se have difficulty in deciphering. The researchers also make it more difficult for computers, whose task it is to automatically crack passwords, to read the passwords without authorization. They use images of a simulated physical system, which they additionally make unrecognizable with a chaotic process. These p-Captchas enable the Dresden physicists to achieve a high level of password protection, even though the user need only remember a weak password.
(Excerpt) Read more at mpg.de ...
Captcha if you can ping.
I wonder how roboform will deal with this?
I’ve been saying for a while that they should be using images or faces for passwords. Make 4 faces a password, and try to tell someone your password.
“Uhh... the guy with the mustache, the lady with the blonde hair, the kid with the braces...”
“Which mustache guy?”
And hackers would have to do random combinations to crack, which isn’t efficient.
I’m not sure I understand the process they are talking about. I understand the captcha, but not the process.
So does a user create 2 passwords? One easy and one really hard one. The hard password is then put through a captcha process and revealed on screen (along with several other captchas) after the initial password is entered? Then the use selects the proper captcha?
And is the captcha changed everytime?
I must be missing something because a human could easily tell if the same strong password is presented on screen each time and then you’d know which captcha to pick. And now you only need to brute force the easy password. I guess this would slow you down though as you still need a human to select the proper captcha each time.
People will still write their passwords on post-its - no matter what they do.
And I'm sure that I don't. Didn't stop me from posting. ;-)
yet another manifestation of Operation Chaos!
I think they are referring to a process some banks are now using. You have a password but also select an image from a bunch they give you.
Its the combination of the password and image that create the security. Trouble is the applications also use a cookie which save the image so all you have to do is type your simple password.
Does help keep others who don’t have your PC out. Plus they also track IPs and can control access based on it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.