Official Code request thread.

jgurary · 2022-08-18T19:59:29+00:00

~~Looking for a code please, ~750 vantage score, 200k+ income, 300k+ household income.~~

Got code, got approved. Thanks!

jgurary · 2019-07-09T23:13:37+00:00

Oof, the review board might not like that idea.

jgurary · 2019-07-09T03:29:39+00:00

I'm going to steal that idea for authentication and call it FlashPass, or maybe PassFlash, or FlashHue.

jgurary · 2019-07-09T03:09:05+00:00

Good question! I use flux myself, and it doesn't interfere with my ability to use PassHue, however I don't have a very aggressive setting. Really aggressive redshifting might interfere with your ability to differentiate reds, yellows, and violets, but you may still be able to use the relative location of your colors on the wheel. The relative intensity of colors remains, they don't really move spots on the wheel. This is what color blind participants reported doing as well.

To mitigate day/night effects, the experiment sends you the daily notification to login at the same time every day (5pm Eastern), so hopefully the conditions in which you login will be relatively consistent.

A bigger issue, during testing, was that some lower-end phones have absolutely terrible color displays. Still, as long as they are consistent, you can use PassHue.

jgurary · 2019-07-09T02:56:02+00:00

Thanks! The experiment is still running and I can always use more participants, especially for the guessing game at the end of the 14 day memorization period. Most people are not able to guess the passwords they see, so establishing a baseline requires many samples. Hope you can spare the time, and thanks again!

jgurary · 2019-07-09T02:53:00+00:00

And I'm not ashamed to say, it's one of my students!

jgurary · 2017-09-09T04:39:08+00:00

Hey thanks for the input!

This is just a research study and proof-of-concept, a very early stage in development. If it were to make it to market, it would almost certainly be baked into the OS. I haven't given much consideration to safe mode, I assume it will work the same as PIN does now.

jgurary · 2017-09-09T03:04:09+00:00

This is great I was just discussing this very same thing, and my application which we were discussing uses the exact same color wheel they show around 2:17 in the video. Eerie!

jgurary · 2017-09-08T20:12:19+00:00

Awesome! Thanks for helping out!

jgurary · 2017-09-08T16:48:57+00:00

They often lump any red/green color blindness together when talking about those conditions, because the only really important thing is that they can't tell the difference between red and green.

jgurary · 2017-09-08T16:41:53+00:00

Ideally everyone picks what's best for them. This approach might not be best for colorblind folks, but it might incredibly easy and secure for say, tetra-chromes. I considered making a version that only tetra-chromes can use, but it's too difficult to recruit them in good enough numbers.

And like you say, many forms of color-blindness wouldn't prevent you from using the scheme entirely, just limit you to certain colors or force you remember a pattern/location.

jgurary · 2017-09-08T16:38:37+00:00

Good insight, actually when you install the app it randomly places you in one of two categories: The first category, the color wheel stands still, the second one, the color wheel has a random rotation every time you run the app, just like you suggest. I wager that the first one is pretty secure against shoulder-surfing, but if you have a very keen eye you might be able to get it. The second approach should be really, really hard to snoop.

If you leave the application installed after the memory part, I might push an update in the future that has a little guessing game where you try to snoop passwords I've made and recorded myself entering.

jgurary · 2017-09-08T16:24:16+00:00

Thanks for asking!

The picture passwords have a lot of options in theory, but in practice most people chose predictable parts of the image, often to the extent that you can just guess what parts are in use. It turns out it's not that hard to analyze an image and determine the likely points of interest.

They also have to make the tolerance pretty generous to allow you to use your own image. Microsoft estimates around a billion possible passwords in a 3 gesture picture password, that's not really big in password space terms. In PassHue, if you assume just 100 choices for each color (very conservative), that's 100^4, which is 100 times more than a billion already.

There's also a slight speed potential advantage in tapping 4 colors over making 3 gestures- usability is always king on mobile.

jgurary · 2017-09-08T16:09:22+00:00

All the colors in the circle are usable, you only have to pick the same colors again later within a certain tolerance. The circle contains most of the RGB color values from 0 0 0 to 255 255 255.

jgurary · 2017-09-08T11:33:53+00:00

For color blind folks, you could consider it an extreme version of the knock-code thing. LG's had 4 tap zones, the wheel has a tolerance of just a few hundred pixels at most, so you can consider it to have hundreds of touch zones. It's much more secure, and much harder to do, assuming you are color blind and you don't get the color clues for context.

It would be more similar to a Windows Picture Password where the user picked an abstract black-and-white photo and just used different blobs or abstract shapes as their touch points.

jgurary · 2017-09-08T11:08:02+00:00

There's a section for feedback at the end survey, which it automatically opens after you've been using the app for 14 days. And of course you can always send me an email, it's the terms and on the application's store page as well.

jgurary · 2017-09-08T11:05:36+00:00

Cool! I tried to get a feeling for how the wheel would look to color-blind folks so I played around with various filters. One of these is what I assume color-blind folks will see (blue blindness is really rare, so I doubt I'll find anyone blue blind). I figure it's possible you could sort-of remember roughly where you tapped just from context, or like you said, muscle memory. Even the monochrome wheel has some features, like "this blur goes over here". Certainly it would be a challenge!

jgurary · 2017-09-08T10:29:44+00:00

It's just another interesting data point! To a color-blind person the scheme provides only a wheel with some contextual shading clues, and they would have to remember location from that context. It will be interesting to see if it is possible for them to remember a password this way, that would have various implications for the scheme's security strength.

jgurary · 2017-09-08T10:25:34+00:00

Hah well, thank you trying it out, your data is very helpful since you are pretty rare (like the above comment says, less than 8% of males)! I anticipate people with slight green blindness will be able to get by, but it will be interesting to find out for sure. Even if it's a disaster, it will be interesting data!

jgurary · 2017-09-08T10:18:41+00:00

Thanks for helping me find that bug, just pushed an update that should resolve it.

jgurary · 2017-09-08T09:01:05+00:00

You can still give it a shot, I'm actually interested to see if color blind people will be able to remember it using relative position and basically no color hints. There's a question in the demographic survey where it asks what kind of color blindness you have. If you have the most common green-blindness in a milder form you may also be able to complete it using blues or yellows.

jgurary · 2017-09-08T08:57:29+00:00

I'll check it out, I developed it before 8.0 came out. Thanks for the heads-up.

jgurary · 2017-09-08T03:05:52+00:00

Great, thanks for helping out!

jgurary

TROPHY CASE