Unconventional Passwords
August 15, 2008
2026 preface. Wrote this in 2008 while finishing a CAPTCHA chapter for Head First PHP & MySQL. The “media-as-password” thing didn’t pan out, but biometric auth did — exactly the direction this post tossed off as the obvious other answer. Passkeys are now the boring real version of the question this post was poking at. Worth keeping for the Jaws bit alone.
I recently finished writing a chapter on CAPTCHA for Head First PHP & MySQL, a book that has managed to take over my life these days. That chapter got me thinking a lot about user names, passwords, and web security…and then I saw the article below. It suggests that, as an alternative to coming up with a word or phrase as an authentication password, maybe we should be considering digital objects such as songs, images, or perhaps movies. Take me, for example. My favorite movie is “Jaws,” so I could start using a digital “signature” of that movie (presumably extracted somehow from an MPEG file) as my password when accessing secure web sites. The problem is, many people I know happen to also know that “Jaws” is my favorite movie. So I could have friends and family members ruining my eBay feedback rating or selling all of my precious P.F. Chang’s stock on E*Trade just because they once happened to be invited to a “Jaws” movie night.
I’m trying to be open-minded here, but I’m not quite understanding how a song/image/movie, or any other digital content that is less scarce than random words and phrases, could end up being more secure for passwords. But I like that there are some people thinking “outside of the box.” Seriously, short of Apple adding thumb or retinal scanners to all MacBooks, we do need some innovation in the area of password authentication. And hopefully something a little more creative than forcing me to include a number, mixed case, and a smiley in my password! In the meantime, go watch “Jaws” if you haven’t seen it lately — it’s a great movie.