[Cryptography] Cost of remembering a password
Dave Horsfall
dave at horsfall.org
Sat Aug 16 11:44:37 EDT 2014
On Sat, 16 Aug 2014, Steve Furlong wrote:
> Cost of remembering a password or of using a CAPTCHA: borne by the users
> Cost of designing and building around passwords and CAPTCHAs: borne by the
> development team
At the risk of straying from the charter of this list (well, I suppose
challenge/response systems sort of fit in), if people knew just how easily
they were solved then they would quickly stop being deployed.
Over in the anti-spam community we've identified at least two ways:
1) Send them off to a boiler-room in Asia, for a pittance per image;
2) Put them on a soft-p*rn page and let teenage hormones do the rest.
Latency could be a problem, but with my eyesight I have enough trouble
reading them anyway, as the backgrounds and fonts become more and more
obscure. Mathematical questions can be plugged into a software
calculator, English sentences can be biased against those for whom it's
not their native language, etc. The cutest system I've seen was street
numbers taken at an angle and under-exposed, but then you have the problem
of distinguishing the alphanumerics (that being the idea).
I fear that the problem is unsolveable, and that spammers and other
criminals will always be with us.
-- Dave
More information about the cryptography
mailing list