UI security topic: UI for private activities

Lamarque V. Souza lamarque at kde.org
Tue Jan 17 11:40:58 UTC 2012


On Tuesday 17 January 2012, Marco Martin wrote:
> On Tuesday 17 January 2012, Thomas Pfeiffer wrote:
> > And this leads again to a topic we had already discussed previously:
> > Graphical passwords.
> > I'm still in favor of a graphical password solution since they
> > a) Have proven to result in better trade-offs between security and
> > memorability (I can provide studies in case of doubt)
> > b) Are much better suited for a touchscreen device than textual ones
> > They have their own problems, sure, but they are better than textual ones
> > (unless users apply very sophisticated methods for creating secure and
> > memorable passwords).
> 
> For this I happen to agree a lot with him:
> 
> http://www.networkworld.com/news/2011/122211-windows8-authentication-254372.html?hpg1=bn
> 
> 2 problems:
> a) much easier to sneak than someone typing
> b) it leaves a quite clear trace on the touchscreen surface
> 
> I think it's an example of cool looking novelty, but not working in reality

	What about a different keyboard layout for typing the password? My 
bank's ATMs use an eight-key keyboard (if I recall correctly). Each key is 
comprised of four two-character words (slots). The password is comprised of 
three words (6 characters in total). The two-character words are randomly 
disposed between the 32 slots (8 keys * 4 slots per key). Now even if someone 
eavesdrops on the device owner typing the password, he/she will still have to 
guess the real password, since the password is not as obvious as if you typed 
each of the password's characters one by one. The device owner just needs to tap 
three keys (the keys that contain one of the two-character words). I guess that 
is a good compromise between ease of use and security, at least against 
eavesdropping.

-- 
Lamarque V. Souza
KDE's Network Management maintainer
http://planetkde.org/pt-br
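
Added example, not part of the original message: a Python model of the eight-key entry scheme described above, showing how a tap sequence is verified and how many passwords remain consistent with what an onlooker sees. It goes beyond the message by also measuring the case where several entries are observed; the word set, the function names and the reshuffle-per-entry behaviour are assumptions made for illustration.

```python
import itertools
import random

KEYS, SLOTS = 8, 4  # 8 keys * 4 slots per key = 32 slots, as in the message
# Constructed word set (assumption): 32 distinct two-character words.
WORDS = [a + b for a in "ABCDEFGH" for b in "1234"]


def new_layout(rng):
    """Randomly distribute the 32 words over the 8 keys (one set per key)."""
    shuffled = WORDS[:]
    rng.shuffle(shuffled)
    return [set(shuffled[k * SLOTS:(k + 1) * SLOTS]) for k in range(KEYS)]


def taps_for(layout, password):
    """Key indices the owner taps: for each password word, the key showing it."""
    return [next(k for k, words in enumerate(layout) if w in words)
            for w in password]


def verify(layout, taps, password):
    """Verifier side: each tapped key must contain the matching password word."""
    return len(taps) == len(password) and all(
        w in layout[k] for k, w in zip(taps, password))


def consistent_passwords(layout, taps):
    """Passwords that one observed entry cannot tell apart: 4 * 4 * 4 = 64."""
    return set(itertools.product(*(sorted(layout[k]) for k in taps)))


def remaining_after(sessions):
    """Passwords still consistent with every observed (layout, taps) pair.

    Assumes the layout is reshuffled for each entry; the size of the result
    is the guess space left to someone who watched all of those entries.
    """
    return set.intersection(
        *(consistent_passwords(layout, taps) for layout, taps in sessions))
```

Under this model a single observed entry leaves 64 candidate passwords, and each further observed entry can only shrink that set. A blind sequence of three taps matches the correct keys with probability 1/512, since the verifier only learns which of the 8 keys was pressed.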