Graphical Passwords - What A Concept!

There are several ways of authenticating to a system. Have your ever heard of graphical passwords?

The concept is simple: You pick several icons to represent your password. Then when you want to authenticate a screen is drawn as a challenge to which you must respond. The screen has numerous icons, at some of which are your private password icons. You must locate your icons visually on the screen and click somewhere directly inside the perimeter they create -- but not on the icons themselves.

Here's a screenshot below of a demo program the helps you visualize the concept. Keep in mind that in a real world setting no icons would be highlighted in red, nor would there be a clearly visible colored region to click within. The screenshot is for sake of example in visually clarifying the concept.




In this example the authentication mechanism randomly chose to draw three of your many passwords icons on the screen(the three red circles at the corners of the triangle).Clicking anywhere within the pink colored area is considered to be a valid challenge response. By clicking somewhere within the area, but not actually on your icons, you thereby minimize the chance of a shoulder surfer discovering your secret icons. You could also configure the authentication mechanism to require several valid challenge responses before allowing access.

How cool is that?  I like it, although it does present an issue when logging in over a network connection, or when having to remember icons for numerous systems.

How about test driving a demo of this authentication system? You can do that right now by downloading a copy of demo at Rutgers University -- note that Microsoft .NET Framework 1.1 is required. Also be sure to read the related article, "Graphical Passwords," in The Rutger Scholar.

\[ Tip of the hat to Mirko Zorz for pointing this out over at HNS! \]