So, in that respect, images are a better solution than a password in text. For the sake of argument, lets assume a password, in text, can only consist of 255 different characters.

An image of 250×250 dimensions would give far greater ‘randomness’ — more possible pixels than characters in a text-password, thus brute-forcing isn’t as trivial as with text.

Navaho: Yah it’s definately an interesting concept, how are you going to brute force the image? I did think of that though, the backend has to have some kind of image map which sends the co-ordinates or something similar to the server, so theoretically can’t you just send all combinations of all co-ordinates to the backend, in time ‘brute-forcing’ the image verification? I guess the entropy would be increased hugely if you used multiple random images like you said. Definately good for websites and things like PDA/smart phones where they already have visual navigation aids.

It could even be a bit ’stronger’ if the person that wants to log-in has to choose one image out of many, first, and not always show the same scenic image of Amsterdam in the Netherlands…

Problems though are, like happened to Mariam, that one could easily forgetting a click. Or one does remember the clicks, but forgot in what exact order.

Then again, people have even worse problems remembering an alpha-numeric password at least 12 characters in length.

I can definately see this type of thing taking off. It would suck pretty badly for existing text-based services though (such as SSH). Don’t get me wrong, some ASCII art looks pretty cool, but there may be some problems there.

But for websites it could do the job perfectly.

Though, if it’s only to prevent people from forgetting their passcodes, I do not think that’s going to be solved. I grew up in the age of PIN codes and passwords so I don’t have any problems with remembering them, as long as I frequently use them. Most people will forget them because of exactly that. So this authentication scheme could fail just as much…

Just my two cents…