Tap the Eyeball to Continue...
The advantage of asking the user to remember a location on a picture is the same advantage gained when moving from command lines to graphical user interfaces. The number of people who remember visual "THERE" information outweighs the nerdfolk like us who enjoy remembering arcane command line parameters.
I saw my wife connect to a network printer after she had briefly watched me do it in Windows 3.11; six months earlier! And for some reason, she never could remember the DOS commands to configure COM2: and redirect the port to the LTP1: device. Geez! Even when I wrote a batch file, she couldn't remember the batch file name. But six months after watching over my shoulder, she was able to re-connect to a printer on the network. Right after that incident, I moved from programming DOS to Windows.
The disadvantages are the same. If someone is watching over your shoulder and they see you tap the eyeball... I suppose we need privacy filters for our Pocket PC devices.
The Four Factors
How does a system know that a given user is who they claim to be? There are four factors that can aid in determining identity.
- What you know (UserID / Password)
- Who you are (Biometrics)
- Where you are (Physical Location, or IP Address)
- What you have (Smart Card, or other hardware)
About this Code
A friend of mine told me about a program that used pictures as passwords. First, you select a picture, then you select a spot or region on that picture. The act of tapping or clicking the spot is the "What you know" component. That sounded easy to write, and somewhat fun, so I wrote this application in about an hour.
This sample program could be used as an aid for "What you know". It works like any other password tracker out there. UserID and Password are stored in a database, in the case of this sample, the database is a SQL Server 2005 Mobile database. Once the data store is accessed, the username and password become available to the user.
The unique thing about this code is that access to the username/password information in the database is controlled by a "Hotspot" on an image. You can have different images for different username/password entries. In the screen shot displayed above, you tap the center of an eyeball to view the username/password information. Which eyeball? I can't remember...
Using the Code
The downloadable code contains a Visual Studio 2005 project. You can unzip the code into a working directory, and open it directly with VS2005. I don't think that there is anything special in the code.
This is not a complete "release version" password tracker. It's just something that I threw together in about an hour, because I wanted to play with the concept of visual passwords. I thought that this was an interesting concept, worth publishing just for the thought value.
There are two sites defined in the database, and no way to edit or add more via the program. If you want a full version of this, write me an email, and I will finish it out.
Points of Interest
Pocket PC development has come a long way since the days of WinCE, and mostly it's just like writing a WinForm application using Visual Studio 2005. There are still some potholes in the road, however. I discovered that the IO.Directory.Exists() function behaves differently when running on the PocketPC 2003 SE Emulator and the actual hardware. If you query for the existence of a directory containing a trailing backslash (e.g. "\SD Card\MyData\") the function will return FALSE on the emulator, and TRUE on the device. To get around this, I wrote my own DirectoryExists() function.
History
- 1-27-2006 rwd Original to CodeProject
- 1-30-2006 rwd Minor text editing
