[OpenID] New OpenID provider - using inkblot passwords

Jeremy Elson jelson at microsoft.com
Thu Nov 29 18:52:38 PST 2007


I'm writing to let you know about our new, experimental OpenID Provider at http://www.inkblotpassword.com.  Our implementation has a twist: we show you a series of inkblot images (similar to a Rorschach test) to help you create and, later, remember your password.

I'm part of a small group at Microsoft Research that does work in the security and distributed systems space.  A few years ago, one of our interns (Adam Stubblefield, now at Johns Hopkins) developed the idea of using inkblot images for password prompting.  He spent the summer doing a user study that showed that inkblots made it much easier for users to remember very strong passwords.  The goal is to reduce the use of weak passwords.  You can read about the user study at ftp://ftp.research.microsoft.com/pub/tr/TR-2004-85.pdf.  (There's also a summary of the research at http://research.microsoft.com/displayArticle.aspx?id=417.)

Last month, we decided to whip up an OpenID implementation of Adam's inkblot generator.  Right now it's pretty bare-bones, but if people find it useful, we'd be open to suggestions on what to improve.


Jeremy Elson

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/general/attachments/20071129/803812f5/attachment.htm 

More information about the general mailing list