Thinking of this as an information problem instead of a security one,
what is needed to solve it is something like the hash codes as used in
cryptography.

You don't really need to show the *whole* password, just enough
information derived from it so that the user will notice if there was
an error. For an example on how it could work:

- Say, the chosen password is HOMELAND.
- As a simple hash, remove every second letter: HMLN
- Shift each letter one character down: GLKM
- For this result to be usable, combine each obtained letter with the
nearest vowel: GILOKOMO

If the user mistypes the password, a different check-word will be produced.
For example: HOPELAMD -> HPLM -> GOKL -> GIOUKOLO  *error, the
password is wrong.


Of course, a real hash function should be used that utilizes *all* the
information in the original password, not half of it! The important
property of a hash function is that the original information can't be
recovered from it, so the password is safe. Much better for security
than a plain-text exposed password, isn't it?

This process has a small usability problem in that you'll have to
learn the check-word for every newly used password, but login is such a
repetitive procedure that this learning should happen quickly.


If you try to patent this procedure, I will claim prior art :-)

Diego Moya
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... disc...@ixda.org
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help
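Both halves of the scheme as working code, added here as an illustration and not part of Diego's message: the toy three-step check-word exactly as described (reading "nearest vowel" as the next vowel in the alphabet, which is the only reading that reproduces both of his examples), followed by the real-hash version the post asks for, where a per-user salt (my assumption) and SHA-256 replace the "remove every second letter" step.

```python
import hashlib

VOWELS = "AEIOU"
CONSONANTS = "BCDFGHJKLMNPRSTVZ"  # 17 letters; used only by the hashed variant


def next_vowel(letter: str) -> str:
    """Return the first vowel that follows `letter` in the alphabet.
    G -> I, L -> O, K -> O, O -> U, matching the examples in the post;
    V..Z wrap around to A (an assumption, the post never reaches them)."""
    pos = ord(letter) - ord("A")
    for v in VOWELS:
        if ord(v) - ord("A") > pos:
            return v
    return "A"


def toy_check_word(password: str) -> str:
    """The post's scheme: keep every other letter, shift each back by one,
    then pad each letter with the following vowel so it can be pronounced."""
    letters = "".join(ch for ch in password.upper() if ch.isalpha())
    kept = letters[::2]                                      # HOMELAND -> HMLN
    shifted = "".join(chr((ord(c) - ord("A") - 1) % 26 + ord("A")) for c in kept)  # -> GLKM
    return "".join(c + next_vowel(c) for c in shifted)      # -> GILOKOMO


def hashed_check_word(username: str, password: str, syllables: int = 4) -> str:
    """Same idea with a real hash: every character of the password feeds the
    digest, and the digest cannot be reversed to recover the password.
    The username acts as a salt (assumed design) so two users who pick the
    same password do not get the same check-word on screen."""
    digest = hashlib.sha256(f"{username}\0{password}".encode("utf-8")).digest()
    # Spend two digest bytes per consonant-vowel syllable.
    return "".join(
        CONSONANTS[digest[2 * i] % len(CONSONANTS)] + VOWELS[digest[2 * i + 1] % len(VOWELS)]
        for i in range(syllables)
    )


if __name__ == "__main__":
    for pw in ("HOMELAND", "HOPELAMD"):       # the post's correct and mistyped passwords
        print(pw, "->", toy_check_word(pw), "| hashed:", hashed_check_word("alice", pw))
```

The hashed check-word still discloses a few bits about the password to anyone who can see the screen, so keep it short (four syllables here carries roughly 26 bits) and never reuse the same salt across users.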