Candid Shapes Password Review
(Published primarily in the proceedings of the ACM Conference on Computer and Communications Security (CCS) or related security symposiums like SOUPS).
The keyword "Password" in our phrase does not mean using the word password. It means appending a fixed "salt" unique to the service.
Base Candid Shape output: @7Z.8 (from the mug-corner-cable-dot-rings sequence).
Full password for Gmail: @7Z.8Gmail!
Full password for Bank: @7Z.8Bank!
Even if a hacker steals your bank hash, they cannot use it to access your Gmail.
1. The Problem: Shoulder Surfing
The paper addresses the vulnerability of traditional alphanumeric passwords and standard graphical passwords (like "Passfaces" or basic "click-based" systems) to shoulder surfing. This is an attack where an observer watches the user enter their password (either directly or via a camera) to learn the secret.
2. The Solution: Candid Shapes
The authors propose a new graphical password mechanism called Candid Shapes.
3. Key Contributions
Link shapes into a mental story:
“A circle sun shines over a triangle mountain; a star falls into a crescent moon lake.”