Kodewerx
https://www.kodewerx.org/forum/

HTML5 Canvas element for passwords
https://www.kodewerx.org/forum/viewtopic.php?f=24&t=7157
Page 1 of 1

Author:  James0x57 [ Mon Jan 11, 2010 9:30 pm ]
Post subject:  HTML5 Canvas element for passwords

http://www.w3.org/TR/html5/the-canvas-element.html

Don't you think that this element would make an awesome replacement for text passwords? That's the first thing that came to mind when I was reading the doc (linked above).

What do you think about this idea?

With a huge pallet of pre-defined colors, and/or a text field for the hex color, with a small canvas about 25px square (5x5), the number of possible passwords is far greater than a 25 character text password.



Oh, Security on over-the-shoulder-looking:
The square could use a white bg (meaning there is no color in that pixel or it is white) and every color you place is rendered as grayish in the square.
I don't know if there is option to do this built in, but maybe you could place the "real one" in a hidden div that reflects what you actually draw in. etc etc



HTML 5 isn't due to be finished until 10 years after the world ends but I think I'll definitely develop this, at least as an option, when it's ready.

Author:  Hextator [ Wed Jan 13, 2010 3:01 pm ]
Post subject: 

Certainly sounds interesting, but it seems like something others would want to use and be irritated with if you didn't spec it just right.

Don't forget to add 3D support in some zany way when they implement that OpenGL API! Something like picking a color gives you a tiny cube of that color that you must place at a specific point in 3D space for the password to be accepted.

Author:  Parasyte [ Thu Jan 14, 2010 11:34 pm ]
Post subject:  Re: HTML5 Canvas element for passwords

Canvas is already here, and WebGL already showing progress. (Yes, I follow Mozilla blogs. Not so much Chrome/Safari/Opera, but they are doing some great stuff, too.)

Author:  HyperHacker [ Wed Feb 17, 2010 12:52 am ]
Post subject:  Re: HTML5 Canvas element for passwords

Such graphical password inputs are nice in theory, but who is actually going to use and remember 99% of the possible inputs that just look like static garbage? It's not hard to remember something like "first letter of each word in some sentence" or "random Gameshark code I happened to memorize", but few are going to remember "black, white, white, white, black, white, black, white, white..." unless there's an obvious pattern to it, which severely weakens the security.

A few geeks might memorize a number, convert it to binary on the fly, and fill in the relevant pixels, but they'd also probably know well enough to use good strong passwords in the first place (and have the mental capacity to memorize strong passwords). Not to mention, you're turning the login process from two simple form fields into a graphical, Javascript-based, non-standards-compliant(?), not-widely-supported, easily-snooped-upon ordeal. Just requiring scripts for a login form is bad already; then add all this other nonsense that's not likely to work in a lot of browsers (handhelds in particular) and you've created one annoying site.

Page 1 of 1 All times are UTC - 8 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/