Graphical passwords

Researchers at Newcastle University have enhanced their Draw a Secret (DAS) technology. DAS allows users to draw graphical passwords that the researchers claim are over 1000 times more secure than text passwords, and easier to recall.

This is just one of many research efforts focusing on alternative password-like schemes that use human image recognition, which is strong, rather than our much poorer recall of text. These studies are interesting, but their application is currently limited because they assume that users have only a small number of passwords.

I have over 150 passwords for active accounts. I can manage those using a password manager like Password Safe or by using a hash password generator (there are many Firefox add-ins). There are no tools to help me manage 150 graphical passwords, and such tools would be hard to develop and less convenient, since you can’t copy and paste graphical passwords.
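As an added illustration of the "hash password generator" approach mentioned above (example code written for this page, not any particular add-in's scheme): a per-site password is derived deterministically from one master secret and the normalised site name, so nothing has to be stored per account. The salt, iteration count and output length are constructed example values.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed, illustrative parameters; a real tool would use a random
# per-user salt and tune the iteration count to its hardware.
PBKDF2_ITERATIONS = 200_000
DEFAULT_SALT = b"example-static-salt"


def site_key(url_or_host: str) -> str:
    """Normalise the site identifier so that 'https://www.Example.com/login'
    and 'example.com' derive the same password, while a look-alike host such
    as 'example-login.com' derives a different one (a phishing page therefore
    never receives the real site's password)."""
    ref = url_or_host if "://" in url_or_host else "//" + url_or_host
    host = (urlsplit(ref).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host


def derive_site_password(master: str, site: str,
                         salt: bytes = DEFAULT_SALT, length: int = 20) -> str:
    """Stretch the master secret with PBKDF2, then derive one site-specific
    password with HMAC keyed by the stretched secret. Same master + same site
    always yields the same password; different sites are unlinkable without
    the master."""
    stretched = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                                    salt, PBKDF2_ITERATIONS)
    digest = hmac.new(stretched, site_key(site).encode("utf-8"),
                      hashlib.sha256).digest()
    # URL-safe base64 keeps the result printable; trim to the site's length limit.
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample master secret
    for site in ("https://www.Example.com/login", "example.com", "example-login.com"):
        print(f"{site_key(site):20} -> {derive_site_password(master, site)}")
```

The trade-off is the one the post's argument for SSO hints at: exposure of the master secret exposes every derived password, and a single leaked site password cannot be rotated without changing the master (or adding a per-site counter to the derivation).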

150 is unreasonable, you say? Here’s a selection that most developers will have: Google/Gmail, MSN Passport, Slashdot and/or Digg, New York Times, SourceForge, CodeProject, Amazon, Reddit, Skype, AIM and/or ICQ, PayPal, Facebook, your blog, Feedburner, your bank, your work and home PCs, your PGP passphrase, and the root password. That’s around 20 passwords before you get onto vendor sites, discussion forums and the like.

Online services need to move to a Single Sign-On (SSO) model to solve this problem, but you should be suspicious of OpenID and of biometrics. Once SSO replaces a plethora of passwords, graphical “master” passwords may become practical.