# Photos could replace passwords



## TechSocial (Dec 20, 2011)

Currently, most people make easy-to-guess passwords -- and they use the same one across several services. It's stupidly irresponsible, but the only alternative is remembering dozens of complex passwords.

But this week at the cybersecurity gathering PasswordsCon in Las Vegas, Sam Crowther unveiled another option. His app lets you pick a photo on your device as your password to a Web service, then transmits that as an incredibly long password.

It's 512 characters long, to be exact.



----------



## Ent (Apr 11, 2009)

Don't like. 
I want a password I can keep in my head. 
Firstly, I want to be able to type it in on whatever computer I'm using, without having to copy over a picture. That's mostly for convenience, but also because even if I delete it afterwards it's still physically on the hard drive. (In practice for computers I might be able to keep the photo on a flash drive (oh no! I haven't got many photos on that flash drive, and it's very easy to pinch), but for other devices that could be trickier.) 

Second, a lot of the people who pick weak passwords (supposedly those this is aimed at) will do daft things like always use their favourite wedding photo (which they've also uploaded to Facebook, Pinterest, and their blog). That's assuming that they don't choose one of the four XP sample images thinking they're being unusual. 

Third, the bit about keyloggers getting confused by positions changing is nonsense. Keyloggers can collect whatever information they want to from the machine; a large number already take periodic screenshots. Further, if there's malware involved they can as easily upload or send back to a bad guy's server all the photos on my device (if clever they'll check access times and focus on the ones I open a lot) without going through the standard UI.
Again, if someone has access to my device I might have hundreds or possibly thousands of photos. That is the complexity of a regular password which is -- get this -- a grand two letters long! That's not counting the fact that shoulder surfing (watching someone logging in) is far easier for picking a photo than typing a password. 

Overall, it's probably marginally better from the perspective of people who literally set their password to "password", because at least the default makes them not fit the same pattern. Nevertheless, it really breaks a lot of very sensible advice about security.


----------

