Monday, November 7, 2011

Picture password protects your account from phishing

Jacob Aron, technology reporter

Find it a struggle to remember your password? Then you're in luck - researchers have developed a new kind of login that relies on the fallibility of human memory to prevent phishing attempts at stealing your account details.

One common anti-phishing technique is SiteKey, which requires users to choose an image and a message when they sign up. These are stored in a secret file on your computer and displayed when you enter your username, providing reassurance that you are on the legitimate site, rather than a lookalike set up by a phisher, and are safe to enter your password.

Great - except previous studies have shown that 92 per cent of people will still log in when their secure image is missing. That's why researchers at Stony Brook University in New York have come up with an alternative system called PhorceField that makes it almost impossible to log in without viewing the correct images.

PhorceField asks users to create a graphical password by choosing four images in a particular order from a set of twelve - you might choose pictures of a loaf of bread, a candle flame, and two more, for example. As with SiteKey, these images are stored in a secret file on your computer that only the legitimate website can access. When you log in, you simply remember which images to click on among a set of others that aren't part of your password.

A phisher who wants to trick you into giving up your PhorceField password knows nothing about your secret images, and so must present you with a huge number of possibilities in the hope of getting the right set of pictures. This means you'll struggle to identify the correct ones - you might remember that your password includes a loaf of bread, but was it round or oblong? A close shot, or taken at a distance? Eventually, after a number of failed logins, you will just give up and leave the phishing site without ever having revealed your password.

The researchers tested PhorceField on 23 users and found that 76 per cent failed to reveal even a single image from their password during a phishing attempt, and none revealed the entire password - for once, being forgetful pays off. The team will present their work at the Annual Computer Security Applications conference in Orlando, Florida next month.

(Image: A PhorceField password prompt, using Creative Commons licensed images from the Flickr photo-sharing site)

Source: http://feeds.newscientist.com/c/749/f/10897/s/19d55314/l/0L0Snewscientist0N0Cblogs0Conepercent0C20A110C110Cforgettable0Epassword0Eprotects0Bhtml0DDCMP0FOTC0Erss0Gnsref0Fonline0Enews/story01.htm
