New approach to authorization and captcha
One day, wandering around the Internet in search of an article I needed, I met a short remark from a certain Ingvald Straume that the password in the programs could be replaced with manual drawing of a signature with a mouse.
Indeed, after all, a password is such a thing that can be forgotten. But the signature (or some conceived squiggle) is a thing that, due to human figurative perception, is much more difficult to forget.
Of course, this is not a panacea. And applicable far from everywhere.
So. First of all, you need to memorize the sample signature. One that nobody knows about. Suppose when setting up a login on the site: we have a small div in which the actions of the mouse will be memorized (as far as I remember, this is in principle possible). Further, entering a password will be the same div in which the same manipulations should be performed. The strokes made (possibly sifted to reduce traffic) are transmitted to the server. There (now the funniest) handler is the neural network compares the current squiggles with the sample and gives a verdict.
Further, my thoughts about this idea:
1. Of course, many will put a cross. This is about the same audience that puts the password "123".
2. Signature cannot be used as a unique identification (login + password). Because some of the squiggles can be “too” similar (from that, neural network settings).
3. In continuation (2): if you completely abandon text logging, then the login and password are two separate squiggles. But, I'm afraid, in practice it will be inconvenient.
Finally, about the captcha. Here, in my opinion, this idea is where to turn.
All you need to do is to write: "Draw a triangle" or "Draw a square." In that div. You can probably fake the program, but not easy.
')
I am sure that in the course of commenting adequate criticism will appear and, perhaps, fresh ideas about how this could be used.
Indeed, after all, a password is such a thing that can be forgotten. But the signature (or some conceived squiggle) is a thing that, due to human figurative perception, is much more difficult to forget.
Of course, this is not a panacea. And applicable far from everywhere.
So. First of all, you need to memorize the sample signature. One that nobody knows about. Suppose when setting up a login on the site: we have a small div in which the actions of the mouse will be memorized (as far as I remember, this is in principle possible). Further, entering a password will be the same div in which the same manipulations should be performed. The strokes made (possibly sifted to reduce traffic) are transmitted to the server. There (now the funniest) handler is the neural network compares the current squiggles with the sample and gives a verdict.
Further, my thoughts about this idea:
1. Of course, many will put a cross. This is about the same audience that puts the password "123".
2. Signature cannot be used as a unique identification (login + password). Because some of the squiggles can be “too” similar (from that, neural network settings).
3. In continuation (2): if you completely abandon text logging, then the login and password are two separate squiggles. But, I'm afraid, in practice it will be inconvenient.
Finally, about the captcha. Here, in my opinion, this idea is where to turn.
All you need to do is to write: "Draw a triangle" or "Draw a square." In that div. You can probably fake the program, but not easy.
')
I am sure that in the course of commenting adequate criticism will appear and, perhaps, fresh ideas about how this could be used.
UPD:
Something today solid postings about authorization and captcha.Source: https://habr.com/ru/post/55671/
All Articles