
How do you get users to choose passwords that are simple enough to remember but complex enough that they
can't be guessed? One approach is to use pictures instead of letters, but how do you prevent someone from looking over
the user's shoulder and stealing the password? Some researchers at Rutgers have come up with a solution to the
"shoulder-surfing" problem. Their graphical passwords require users to choose a set of "pass-icons" in advance
and, when they log in, to identify three of them on the screen. Rather than clicking on the icons
themselves, though, the user has to click inside the triangle formed by the icons. The researchers claim that,
combined with multiple challenges, it's secure. You can download a
demo implementation of graphical passwords or check out
screenshots (click on Using the Simulation) at their site, or read more about the technique in
The Rutgers Scholar.
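
The triangle check described above, as an added example (this is not the Rutgers researchers' code). The icon names, coordinates, 100x100 screen and all function names are assumptions made for illustration; `blind_click_rate` models a uniformly random click to show what repeating the challenge buys.

```python
import random

def _cross(o, a, b):
    # z-component of (a - o) x (b - o); its sign tells which side of o->a the point b is on
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def in_triangle(p, a, b, c):
    """True if p is inside or on the edge of triangle abc (any vertex order)."""
    if _cross(a, b, c) == 0:
        return False  # collinear icons form no triangle; such a layout should be regenerated
    d = (_cross(a, b, p), _cross(b, c, p), _cross(c, a, p))
    return not (min(d) < 0 and max(d) > 0)

def verify_round(layout, pass_icons, click):
    """layout: {icon_name: (x, y)} as drawn for this challenge; click: (x, y)."""
    shown = [xy for name, xy in layout.items() if name in pass_icons]
    if len(shown) != 3:
        raise ValueError("challenge must display exactly three pass-icons")
    return in_triangle(click, *shown)

def verify_login(rounds, pass_icons):
    """rounds: list of (layout, click). All rounds are evaluated before answering,
    so the result does not depend on which round failed."""
    results = [verify_round(layout, pass_icons, click) for layout, click in rounds]
    return all(results)

def blind_click_rate(layout, pass_icons, width, height, trials=20000, seed=1):
    """Monte Carlo estimate of how often a uniformly random click passes one round."""
    rng = random.Random(seed)
    hits = sum(
        verify_round(layout, pass_icons, (rng.uniform(0, width), rng.uniform(0, height)))
        for _ in range(trials)
    )
    return hits / trials

# Constructed sample data: a 100x100 screen, three pass-icons shown among decoys.
PASS_ICONS = {"cat", "key", "sun"}
LAYOUT_1 = {"cat": (0, 0), "key": (100, 0), "sun": (0, 100), "car": (90, 90), "cup": (50, 60)}
LAYOUT_2 = {"sun": (10, 10), "cat": (90, 20), "key": (50, 90), "hat": (5, 95), "pen": (95, 95)}

if __name__ == "__main__":
    print(verify_login([(LAYOUT_1, (20, 20)), (LAYOUT_2, (50, 40))], PASS_ICONS))
    p = blind_click_rate(LAYOUT_1, PASS_ICONS, 100, 100)
    for k in (1, 5, 10):
        print(f"{k} rounds: blind-click pass rate ~ {p ** k:.4f}")
```

The constructed first layout has a deliberately large triangle (half the screen), so the per-round pass rate for a blind click is about 0.5 and the benefit of additional rounds is easy to see.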