Would You Give Me Your Password For A Candy?

The human factor can make identity management a tough challenge. There’s a classic scene in the popular TV sitcom Seinfeld where Kramer tries to figure out George’s secret password. Through a process of deduction, Kramer starts getting very close to the secret word (“Bosco”, a chocolate sauce George likes to pour on his cereal). “Ovaltine! Hershey’s! Nesquik!” Kramer shouts, as George flees from the apartment.

Kramer probably should have just offered George some candy for the password and saved himself the trouble. I was reminded recently of a survey that showed more than 70 per cent of people would reveal their computer passwords in exchange for a bar of chocolate (BBC News). Over a third of respondents didn’t require any kind of inducement and happily blurted out their password, no strings attached. And nearly four-fifths of the population would volunteer significant clues to their passwords in casual conversation.


And even if you are the type of person who is vigilant enough not to give away your password for a Hershey bar, remembering passwords is tough. The average computer user already needs passwords for email, blogs, newswire subscriptions and social media applications like Facebook and MySpace, and keeping track of them all can get awfully frustrating. And we haven’t even gotten to the office, where you may need numerous passwords, including odd spelling, numbers and symbols, just to use all of your work applications.

So, it's too easy to give away passwords and it's too hard to remember them. But there may be a solution that can deal with both of these problems.

Humans are naturally good at pattern recognition. We remember pictures better than words, and much better than nonsense words containing odd punctuation marks and numbers. Instead of typing in passwords, we could just choose pictures.

Imagine a series of four screens showing pictures on different themes -- let's say, mountains, buildings, animals and fruit. On each screen, you select the picture that you like the best from fifty or so examples (e.g. the craggy mountain with the orange moon behind it and pine trees at the base). Four screens later, you've got a password that you will always remember. Not only that; it would be extremely difficult to casually give away your password, since there would be far too many variables to describe except in a very long and involved conversation.
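To put a number on the four-screen scheme, here is a sketch of how a server could store and check such a picture password, and how large its keyspace is. It is an added example, not code from this post; the index encoding, PBKDF2 and its round count are assumptions, and the keyspace figure is an upper bound that assumes every picture is equally likely to be picked.

```python
import hashlib
import hmac
import math
import os

SCREENS = 4               # mountains, buildings, animals, fruit (from the post)
IMAGES_PER_SCREEN = 50    # "fifty or so examples" per screen (from the post)
PBKDF2_ROUNDS = 200_000   # assumed work factor, not from the post


def combinations():
    """Number of distinct picture passwords the scheme can produce."""
    return IMAGES_PER_SCREEN ** SCREENS


def keyspace_bits(choices_per_step, steps):
    """Entropy in bits if every choice is uniform and independent."""
    return steps * math.log2(choices_per_step)


def equivalent_text_length(bits, alphabet_size):
    """Shortest random string over the alphabet carrying at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def _encode(selection):
    # Assumed encoding: one byte per screen holding the chosen image index.
    if len(selection) != SCREENS or any(
        not 0 <= i < IMAGES_PER_SCREEN for i in selection
    ):
        raise ValueError("selection must be one valid image index per screen")
    return bytes(selection)


def enroll(selection):
    """Return (salt, digest) to store; the selection itself is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", _encode(selection), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(selection, salt, digest):
    """Constant-time check of a login attempt against the stored digest."""
    try:
        encoded = _encode(selection)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", encoded, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)
```

Four picks from fifty give 6.25 million combinations, about 22.6 bits, which is the strength of a four-character random password drawn from the 95 printable ASCII characters. With a space that small, the scheme's safety rests on limiting login attempts rather than on the size of the secret.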

So, are we stuck with awkward uppercase-lowercase-letter-number-punctuation based passwords? More importantly, would you want to use this type of image-based password?