PixPass - images instead of passwords

Introducing PixPass. It’s an alternative to passwords that uses images on your device to generate a secure password; the user simply has to remember which photo they used for a particular website.

I can’t test this directly as it’s only available on Android (would anyone like to have a go?), but there is a demo video on the Play Store which shows it being set up and used, so I am basing my initial review on this.

I do think this is a good idea, however, you still need to remember a specific image for a specific website (instead of a password). Is this practical? I suppose I recognise people really easily (but can often not remember their names!) so maybe this is a good idea. I’d have to use it for a long time to really test this aspect. Does anyone have any experience of recalling associations based on images?

It takes a few seconds longer than entering a traditional password. Looking at the demo video, it looks like you have to select a specific keyboard input for the password field. This is an additional step and just takes a tiny bit longer.

I love the inventiveness of this. It’s a fun idea. I really dislike the idea that I will just not be able to remember in any sensible way which image I used for which site. With 300+ logins it’s not practical. I also dislike that if I log in to that service on my laptop but signed up on my phone, I can’t use this app (it’s only available on Android phones). Since the app doesn’t store the password it generates, no one (including me) knows what my password is, so I can’t log in on another device without resetting the password.

Also, surely if someone just steals my pictures off of Facebook or my Picasa account or wherever then they could just push all the images through the machine until it works?

Even if you had 100000 images to your name, the one you chose to generate your password has to be one of them. These odds might not be as good as just having a fairly strong password.
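To put numbers on that comparison, here is an added example (not part of the original post, and not PixPass code) that converts the size of a photo collection into bits of guessing entropy and into the length of a random password with the same search space. It assumes the password depends only on which image was chosen and that every image is equally likely; the page does not describe how PixPass derives passwords, and the function names are made up for this sketch.

```python
import math

# Assumption: the comparison password is drawn uniformly at random
# from the 94 printable ASCII characters (space excluded).
PRINTABLE_ASCII = 94


def pool_bits(candidates: int) -> float:
    """Bits of entropy when the secret is one of `candidates` equally likely items."""
    if candidates < 1:
        raise ValueError("candidates must be at least 1")
    return math.log2(candidates)


def expected_guesses(candidates: int) -> float:
    """Average number of tries needed when each candidate is tried once, in random order."""
    if candidates < 1:
        raise ValueError("candidates must be at least 1")
    return (candidates + 1) / 2


def equivalent_password_length(candidates: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Shortest random password whose search space is at least `candidates`."""
    if candidates < 1 or alphabet < 2:
        raise ValueError("need candidates >= 1 and alphabet >= 2")
    length, space = 0, 1
    while space < candidates:
        space *= alphabet  # one more character multiplies the search space
        length += 1
    return length


def compare(pool_sizes):
    """Return (pool size, bits, equivalent random password length) for each pool."""
    return [(n, round(pool_bits(n), 1), equivalent_password_length(n)) for n in pool_sizes]


if __name__ == "__main__":
    # Constructed pool sizes; 100000 is the figure used in the post.
    for n, bits, length in compare([100, 1000, 100000]):
        print(f"{n:>7} images = {bits:>4} bits = random password of {length} characters")
```

Under these assumptions, a collection of 100000 photos gives the same protection as a random password only three characters long, once the whole collection is known to someone else.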

It’s an interesting idea but not for me. Thoughts?


Yeah — my main thoughts reading your post are:

— doesn’t such a setup incentivise you to use one or a handful of photos for passwords?
— aren’t you more susceptible to being hacked, e.g. as you say, someone stealing your photos and running a bunch of combinations (with keyboard inputs) against various sites?

Great write-up!

Thanks! Photos are taken often for sharing. It’s not inconceivable that an uninformed user could literally use their profile picture to generate their password using PixPass and voila. Possibly the most insecure option going!

