Picture passwords to help fight cybercrime

2 November 2007

Scientists at Newcastle University have invented a new, more secure way to protect our personal information - using picture passwords instead of text and numbers. With identity crime on the rise, can doodles really help keep us safe? Antenna sketches out the facts...

Image: Newcastle University

Each year identity theft affects more than 100,000 people in the UK and drains a massive 1.7 billion pounds from the economy. Security experts recommend we use several different computer passwords to stay protected, but it can be hard to keep track without writing them down - hardly secure.

Now experts from Newcastle University have discovered that new picture password software could tackle the problem. They say that codewords would be easier to remember and more secure if we used a simple drawing instead of a combination of letters and numbers.

A recent survey revealed around 1 in 6 people use the same password for all their online accounts.

'Many people have lost money or sensitive personal information because their text password was cracked,' says Jeff Yan, a computer security expert at Newcastle University.

'Most of us have forgotten a PIN or a password at least once, which is why we tend to make them so easy to guess. However, the human mind has a much greater capacity for remembering images.'

Jeff Yan, Newcastle University.

Image: Newcastle University

Jeff and his colleagues have tested their new picture password technique on 67 people. The system involves sketching a simple design on top of a background image. Computer software tracks how a person draws his or her doodle, rather than just looking at the end result.

The background image is key to the technique's success - it helps people remember where to start drawing and encourages them to make their 'password' more complicated and less predictable.

The technique, called 'background draw-a-secret', uses a selection of images for people to draw on, such as a playing card, a crowd or a flower.

Image: Christophe Libert/Stockxchng

After creating their secret password images, the volunteers were asked to draw them again a week later. Jeff and his team found that 95% of people could re-create their doodle within three tries. The picture passwords were also over 1000 times more secure than current text-based codes.

Not artistic? Not a problem. 'Most people drew simple everyday objects such as cars, cups and houses,' says Jeff, who presented his findings this week at a security conference in Washington DC.

Drawing on top of an existing image worked better than using a blank background.

Image: Newcastle University

Where could we use picture passwords?

'Anywhere that a text password is used,' explains Jeff. 'Many PCs and laptops can use touch screens, so people can directly use their fingers to draw their password. Alternatively they could use their mouse.'

Many laptops have a touch screen of some kind.

Other experts are impressed by the potential of picture passwords. 'They are a very good idea and are easier to remember than normal passwords, particularly for people with dyslexia or who can't read or write well,' explains Les Fraser, security consultant to the British Computer Society.

'It's much harder to take a password off someone if it's a picture in their mind. You can look at something and know it's right, but it's hard to explain to someone else how to draw it. These kinds of passwords would be much more difficult to steal.'