Chroma-Hash

It’s rare that IT security and aesthetics come even close to being related, but I stumbled across something on the Information Aesthetics blog this week which piqued my interest.

I’ve come across some debate recently around passwords. It seems to be becoming common knowledge that password security generally isn’t good enough these days, and 2FA or other strong methods should be used where possible. However, that’s an issue for another day – passwords clearly are in the majority when it comes to the average user’s experience of IT security.

Some sources suggest that password rotation is a bad idea, and others propose that the asterisks, or similar characters that obscure your password, are nigh-on a waste of time – notably security expert Bruce Schneier. Masking passwords mostly serves to annoy users continually, all to avoid the virtually non-existent threat of someone reading the password over your shoulder.

It’s a potential solution to this password masking problem that I came across this week – a mechanism called Chroma-Hash that displays a colour key next to the password entry box.

A hash of the text you’re entering for your password is generated in real-time. Each small change generates a significantly different hash, and it means you can see at a glance that you’re entering the correct password, hopefully avoiding your account getting locked through typos, but without revealing the exact password.

You can find out more about it on the author’s site, and the original article on Infosthetics.