Using colors rather than digits, chars, biometrics or keywords, for authentication

What if, instead of entering a password or code for a captcha, PIN or other authentication, you were asked to select four colors, each one out of 256 potential colors? In short, your password or secret code would be a set of colors.

The advantages are as follows:

  • Risky passwords such as "123456", "password", or a birthdate, would be eliminated.
  • Compared with a 4-digit pin code, a 4-color password offers 400,000 times more possibilities, and it is thus much harder to crack.
  • A color set is much easier to remember than (say) an answer to the question "what was your first pet's name" or "who was your favorite teacher".

Disadvantages are:

  • What about color-blind people? They would have to choose a different option (just like blind people can choose to hear the captcha, rather than seeing it).
  • Colors might change depending on the device and other conditions. The user could enter the wrong colors, very similar to the actual ones. Some algorithm is needed to make sure that if the 4 colors entered by the user are very close to the real "color password", it must be accepted. But this would decrease the strength of the "color password".

What do you think?
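
The trade-off raised in the post's last point, that accepting near-miss colors weakens the color password, can be measured. The following is an added example, not part of the original discussion; the 8x8x4 RGB palette, the Euclidean distance rule and all function names are assumptions, since the post does not specify them.

```python
import math
from itertools import product

# Assumed palette (the post only says "256 potential colors"):
# 8 red levels x 8 green levels x 4 blue levels = 256 colors.
PALETTE = [(round(r * 255 / 7), round(g * 255 / 7), b * 85)
           for r, g, b in product(range(8), range(8), range(4))]

def sq_dist(a, b):
    """Squared Euclidean distance between two RGB triples."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def accept(secret, entered, tolerance):
    """Accept when every entered color lies within `tolerance` (RGB units)
    of the secret color at the same position."""
    return len(secret) == len(entered) and all(
        sq_dist(s, e) <= tolerance ** 2 for s, e in zip(secret, entered))

def effective_bits(tolerance, length=4):
    """Guessing resistance in bits: uniformly random secret, uniformly
    random guess, positions treated independently."""
    hits = sum(sq_dist(a, b) <= tolerance ** 2
               for a in PALETTE for b in PALETTE)
    p_position = hits / len(PALETTE) ** 2   # chance one guessed color is accepted
    return -length * math.log2(p_position)

def pin_bits(digits=4):
    """Guessing resistance of a uniformly random decimal PIN."""
    return digits * math.log2(10)

if __name__ == "__main__":
    print(f"4-digit PIN: {pin_bits():.2f} bits")
    for tol in (0, 40, 60, 90):
        print(f"tolerance {tol:>3}: {effective_bits(tol):.2f} bits")
```

Under these assumptions, exact matching gives 32 bits, while a tolerance of 40 RGB units (enough to accept the nearest red or green neighbor in this palette) leaves about 23.3 bits, compared with about 13.3 bits for a 4-digit PIN.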


Replies to This Discussion

I like coloured alphanumeric characters.

It's quite a good idea, but I can see a few other issues with it.

First, if you have an image, a screen grab of that image and a position on the page can tell you which pixel is likely to be at that location, and from there, getting the color values would be a piece of cake (you can use Canvas and JavaScript to do it).

Second, people are not always good at matching subtle distinctions in color, which a 256-color palette would bring.

Third, gamma values vary between computers, so color matching is not always reliable.

I don't necessarily think this is overall a bad idea, but it would be worth testing with those caveats. 

