from Hacker News

Ask HN: Why aren't images used as passwords?

by poletopole on 7/23/21, 12:10 AM with 9 comments

• by fundamental on 7/23/21, 12:34 AM

  If you're submitting the same picture again and again then you might as well submit a cryptographically secure key (through some handshake, not necessarily uploading the key). If you're submitting images of the same physical object again and again, then you're in the domain of "is this match close enough". Deciding if something is close enough is non-trivial to compute and you end up leaking information about whatever you're taking pictures of.

  Both cases seem worse than using a normal password or a more secure cryptographic key.

• by retrac on 7/23/21, 1:38 AM

  An image is some bits. How do you enter it? Copy and paste? Why not just use a cryptographic key, as mentioned by another user. If the image needs to be exact then JPEG compression will be a horror show; many people copy images by taking a lossy screenshot.

  If it's more like a barcode or QR code (and JPEG resistant) that actually just encodes the real password, you're still relying on a camera, or the ability to copy-paste image data. This probably runs against the grain with what most users expect. I've never had to use an image file or webcam stream as a password before. I'd probably muddle through; but I'm not sure my mother would.

  That said, I wouldn't mind more passwords and one-time-keys especially on printed materials coming as QR codes. Why do I need to type in a 24 character key from a gift card?

• by yuppie_scum on 7/23/21, 1:44 AM

  Player how are you supposed to type in a picture?

• by lonnydonovan on 7/25/21, 4:22 AM

  A picture of a wolverine is used for an encryption algorithms. As for passwords, my guess is that they aren't practical, because any degradation to the picture will alter the bits and invalidate its purpose.

• by high_byte on 7/23/21, 6:56 PM

  As Louis C.K. said: "because some things are, and some things aren't"