An Australian teen thinks he’s got a solution to the world’s password problems: Use pictures instead.
Currently, most people make easy-to-guess passwords — and they use the same one across several services. It’s stupidly irresponsible, but the only alternative is remembering dozens of complex passwords.
But this week at the cybersecurity gathering PasswordsCon in Las Vegas, Sam Crowther unveiled another option. His app lets you pick a photo on your device as your password to a Web service, then transmits that as an incredibly long password.
It’s 512 characters long, to be exact.
Crowther’s logic: It’s easy for you to remember a specific photo. But it’s improbable that a stranger will get access to your device and know which photo you picked — especially if you keep hundreds of them on your device.
It’s a good bet against malware that spies on you, namely keylogging software, because the position of photos on your screen keeps changing. And websites can frequently change the actual password without requiring you to do anything. You just keep picking the same photo.
And if that photo gets deleted, you can just reset the password to another one.
Crowther, 18, has held off on starting college to launch his picture password startup, uSig. Its tagline: “A picture speaks a thousand passwords.”
Per Thorsheim, a Norwegian cybersecurity consultant who organizes the conference, said Crowther’s idea is as yet unproven. But he said it shows promise and a much-needed fresh approach to the current password dilemma.
That predicament is particularly relevant this week, as a cybersecurity firm revealed that Russian criminals have stolen 1.2 billion Internet user names and passwords, likely the largest such theft ever.