David R. Conrad (drc@adni.net)
Thu, 15 Oct 1998 07:18:56 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 14 Oct 1998 mgraffam@idsi.net wrote:
> On Wed, 14 Oct 1998, David R. Conrad wrote:
>
> > With a standard password/passphrase you can avoid showing it as it's
> > typed, but picking images would have a lousy (or great, depending on your
> > attitude) shoulder-surfing potential.
>
> Yeah, this is a problem. A friend that is coding the GUI with me bounced
> that off of me. We don't plan on highlighting the points on the grid
> (well, we'll have an option allowing it, but by default it is off) so
> this will make shoulder-surfing a bit more difficult. By changing the
> mouse cursor to a thin cross hair and using a large number (and therefore
> small) of grid-blocks this should make it very difficult to pick up
> unless the attacker were literally hanging right on your shoulder.
Okay, here's a really off-the-wall idea. Display, over the image, an
animation of moving mouse cursors. The user would know which one was
really his, since he'd be watching it from the start and it would be
under his control. The animated cursors would occasionally stop, as if
they were clicking a spot. An observer wouldn't know which cursor to
watch.
David R. Conrad <drc@adni.net>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBNiXaLYPOYu8Zk+GuEQJWrgCg6sCCZTOz/J5CYeFfptFnNpN4lDoAni1b
w/sSH2SZOSOlwHTUFrvacuWR
=Aans
-----END PGP SIGNATURE-----
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21