AndersB

IT security advice needed

14 posts in this topic

Since there are a few IT boffins on this forum, I have a question for you:

 

Tablet devices allow for login using personalised swipe motions, but surely it must be possible to make a generic sketch authentication system for websites?

 

In some respects, a hand drawn sketch is a generalised signature.

 

So, why hasn't sketch based authentication taken off?

 


> Since there are a few IT boffins on this forum, I have a question for you:
>
> Tablet devices allow for login using personalised swipe motions, but surely it must be possible to make a generic sketch authentication system for websites?
>
> In some respects, a hand drawn sketch is a generalised signature.
>
> So, why hasn't sketch based authentication taken off?

See Shoulder Surfing Attacks in link below

https://en.m.wikipedia.org/wiki/Draw_a_Secret


Thanks for the feedback.

 

However, if it was possible to be so accurate with the style of drawing (pen stroke, speed, wobbliness, etc...) such that each sketch would be like a cognitive fingerprint - wouldn't that be a great thing?

 

Basically, I'm investigating the usefulness of being able to fingerprint the style of drawing of an individual, such that it would detect if someone else merely copied the sketch.


Most people can't do their signature the same every time. That's how you were able to forge your mother's signature when you wanted a day off school. Your system will either be so strict as to be annoying to the user or so lenient it will allow attacks.

Realistically I don't think you would achieve much if you succeeded. The reduction in cognitive load is minimal compared to a system requiring bio authentication (no load at all) and so you would only have a brief window to monetise it and there are already similar systems to yours in place you would have to compete with (Android swipey passwords for example). Yours would have to provide an advantage over them.

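The strict-versus-lenient trade-off raised in the post above, applied to the earlier idea of telling the owner from a copier by drawing dynamics, as an added example that is not part of the original thread. All speed profiles are constructed, and the checkpoint sampling, distance measure and thresholds are assumptions chosen for illustration.

```python
"""Added example: threshold trade-off when verifying sketch dynamics.
All data below is constructed; the feature choice is an assumption."""

# Pen speed sampled at 4 fixed checkpoints along the same sketch (arbitrary units).
ENROLMENT = [[10, 20, 30, 20], [12, 22, 28, 18], [8, 18, 32, 22]]
# Later login attempts by the owner, including a hurried and an uneven one.
GENUINE = [[11, 21, 29, 19], [9, 18, 33, 22], [14, 24, 26, 16], [10, 26, 36, 20]]
# Attempts by people who reproduced the shape but draw with their own rhythm.
FORGERY = [[15, 15, 15, 15], [12, 16, 24, 20], [6, 14, 22, 14], [10, 24, 34, 18]]


def build_template(samples):
    """Average the enrolment speed profiles checkpoint by checkpoint."""
    return [sum(col) / len(col) for col in zip(*samples)]


def distance(profile, template):
    """Mean absolute difference between one attempt and the template."""
    return sum(abs(p - t) for p, t in zip(profile, template)) / len(template)


def error_rates(threshold, template, genuine=GENUINE, forgery=FORGERY):
    """Return (false_reject_rate, false_accept_rate) at one threshold.

    An attempt is accepted when its distance is <= threshold.
    """
    rejected = sum(distance(g, template) > threshold for g in genuine)
    accepted = sum(distance(f, template) <= threshold for f in forgery)
    return rejected / len(genuine), accepted / len(forgery)


def sweep(thresholds, template):
    """Error rates for each candidate threshold, strictest first."""
    return {t: error_rates(t, template) for t in sorted(thresholds)}


if __name__ == "__main__":
    template = build_template(ENROLMENT)
    for t, (frr, far) in sweep([1.0, 2.0, 2.5, 3.0, 4.0, 8.0], template).items():
        print(f"threshold {t:>4}: owner rejected {frr:.0%}, copier accepted {far:.0%}")
```

On this data no threshold brings both rates to zero: accepting every genuine attempt needs a threshold of 4.0, which already accepts half of the copies.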

> Most people can't do their signature the same every time. That's how you were able to forge your mother's signature when you wanted a day off school. Your system will either be so strict as to be annoying to the user or so lenient it will allow attacks.
>
> Realistically I don't think you would achieve much if you succeeded. The reduction in cognitive load is minimal compared to a system requiring bio authentication (no load at all) and so you would only have a brief window to monetise it and there are already similar systems to yours in place you would have to compete with (Android swipey passwords for example). Yours would have to provide an advantage over them.

 

Good points. I'll have to think some more about the use case benefits.


What tor and cobran said. Plus most people's drawing would be a smiley. Or the drawing equivalent of password1.

My iPad now has thumbprint scanning. Not sure how easy this is to spoof but harder than drawing. When everyone else is turning to two-factor authentication (Google and Apple for example) drawing is still one factor.


> My iPad now has thumbprint scanning. Not sure how easy this is to spoof but harder than drawing. When everyone else is turning to two-factor authentication (Google and Apple for example) drawing is still one factor.

You don't watch enough TV crime procedurals :) Superglue ought to beat most fingerprint systems and the beauty of a tablet / phone etc is the prints are right there on the device...

 

Physical access is pretty damn hard to defend against though.


> You don't watch enough TV crime procedurals :) Superglue ought to beat most fingerprint systems and the beauty of a tablet / phone etc is the prints are right there on the device...
>
> Physical access is pretty damn hard to defend against though.

 

Either I'm doing it wrong or it doesn't work. I even tried a pristine print.  :)


> My iPad now has thumbprint scanning.

So does my phone. It almost never works. Could be due to using the thumb I use on the lighter - perhaps my thumb print has been worn away? I never bother with the thumb print and just use the PIN now. After being turned off you have to use the PIN too - totally negates the said convenience of using the print.


> So does my phone. It almost never works. Could be due to using the thumb I use on the lighter - perhaps my thumb print has been worn away? I never bother with the thumb print and just use the PIN now. After being turned off you have to use the PIN too - totally negates the said convenience of using the print.

 

It's always at least a couple of tries I admit. According to the movies my thumb can be cut off to hack my device so thank the spaghetti monster it's not a retina scan.


Not security related, but I recently bought a new laptop. I decided not to muck around so upgraded to 16GB RAM and 1TB SSD. It's an incredible difference to having 4GB RAM and a SATA drive (and that's not taking into account the CPU/GPU). Silly me though as I forgot GPU specs so video editing software is a bit laggy.

 

Highly recommend SSDs and maximising RAM capacity.


> Highly recommend SSDs and maximising RAM capacity.

 

+1. Makes a bigger difference than going for a faster chip.
