Chroma Hash

[Umbra]

If you can't remember your password, how could you possibly remember a sequence of 3 very specific colors?! :O

Note that the colors include multiple shades of color, not just basic green, basic red, basic blue, etc etc.

But if you get even one letter wrong, the output from the chroma hash will be significantly different - enough for you to know that you did something wrong. You won't have to remember the specific hue, just the general color itself. Blue, Green, Purple is easy enough to remember, don't you think?

In addition, since it's a visual cue and not a text string, it's memorized in a different way. You won't have to explicitly remind yourself that something's wrong; if your chroma hash has suddenly turned Red, Orange, Green instead of Blue, Green, Purple, you'll know instinctively that it looks wrong.

[Deleted]

This is really the first time I see a Chroma Hash. It seems to be an interesting and visual way to figure if you got your password right. I'd still like an authenticator, perhaps on my phone, but this is an interesting system that seems to work so why not?

Plus, I kinda enjoy the pretty colours and can see that someone who is a bit silly might forget their password but safely write the colours down and try and see what password do they remember that has the right colours, without being locked out.
Also, about the whole 'people walking behind me will see the colours and know my password'... why would you not notice the guy staring at your computer screen in a public space, that is close enough to clearly see what you are typing anyway?

[Larynx]

I'd like a way to disable it, but it's not really that big of an issue honestly.

[grandpab]

I'd like a way to disable it, but it's not really that big of an issue honestly.

Save password!

[DrakeWurrum]

But if you get even one letter wrong, the output from the chroma hash will be significantly different - enough for you to know that you did something wrong. You won't have to remember the specific hue, just the general color itself. Blue, Green, Purple is easy enough to remember, don't you think?

In addition, since it's a visual cue and not a text string, it's memorized in a different way. You won't have to explicitly remind yourself that something's wrong; if your chroma hash has suddenly turned Red, Orange, Green instead of Blue, Green, Purple, you'll know instinctively that it looks wrong.

kitty2
kitty2
kitty2
kitty2
kitty2
kitty2
kitt2y - CAN'T LOGIN! INCORRECT PASSWORD

Funny. I thought I already got an indication of a wrong password. Limiting password attempts, in my experience, only serves to hurt the account owner, not help.

[Larynx]

Save password!

Asking to get hacked. @_@

[grandpab]

Asking to get hacked. @_@

And typing it in has no risks? key loggers?

[Larynx]

And typing it in has no risks? key loggers?

Quote me on when I said typing has no risks. ^^

[DrakeWurrum]

And typing it in has no risks? key loggers?

It's more of a risk than typing it. It's easier to get information from your computer than it is to sneakily install a keylogging program onto it to collect data that otherwise isn't saved.

[khh]

it is there for the people who are too tech inept to realize caps lock and so on

people who work at support knows how many time you get calls from people like that
"i cant login!!! i cant login!! something is broken there *PANIC*"
then after 40 minutes of work, they realize they just been using the wrong password

[Drakhar]

Asking to get hacked. @_@

I'm actually curious about this, how is the password saved? I'm a bit neurotic when it comes to security sometimes, so this is a big deal to me lol

[Zao]

It seems kind of useless to me also.
I barely look at my screen when typing my password. Hell I don't even actively think of it, I just go over the same sequence of keys.

[Arkenaw]

I'd like to see coin locking similar to what rift did for account security. That's my favorite by far, authenticators are a hassle.

[Drakhar]

I'd like to see coin locking similar to what rift did for account security. That's my favorite by far, authenticators are a hassle.

How does that system work?

[Deleted]

Well, I suppose when you write your password many times you will recognize your color, since everyone get a different set of color with their password. So one day, when you're either drunk, or half asleep, or something, and tries to log in, you write something wrong, so instead of your colors going Red, Orange, Orange, like mine, it well probably end up like Red, Orange, Yellow.

So instead of going to support and write a useless ticket about you being hacked, or that their client is wrong, you will see that the color doesn't match what it's supposed to be.

So instead of panicing, type your password again slowly, and the colors will match.

If not, shit bricks!

[mafao]

I like the idea, beats using authenticators, and crap like that to make sure your account is safe.

That does not substitute an authenticator in any way. People can still steal your password and hack your account.

---------- Post added 2012-04-26 at 07:57 PM ----------

Asking to get hacked. @_@

I think its possible to store a password locally in a secure way. For example, store the password encrypted via a public key, this way, only the server will be able to decode the actual password using its private key. This way hackers won't be able to get your password and thus manage your account. They would still be able to log in onto your in-game account using a hacked client though... I don' think its possible to make the whole protocol secure. But tis been quite some time since I last had anything to do with cryptography

[Arkenaw]

How does that system work?

Basically it locks your account from being able to do anything that involves currency or items like buying/selling/deleting items or using mail or the auction house until you confirm your location using a code from an email sent to you.

[Hockeyhacker]

This is only a really minor thing, but I wanted to ask.

A) Doesnt the Chroma Hash seem a little... useless, to you? It's a nice feature and all, but if I've mis-typed my password I'll know in a few seconds when the game tells me my login is incorrect.

B) It also seems to have generated a little storm about people panicking that others will be able to guess their passwords if theyre walking past and see the colours. It's a bit silly, but something that makes buyers worry about account security is never a good thing.

C) What are your views on it?

P.S. I hate the colours my password gave me D=

A) It may seem useless at first glance, but think about it this way, say you use 20 different passwords for your different accounts of email, bank, web forums, games, etc. Now say you know your password is lime green yellow brick red, if you forgot which of your 20 passwords you use then you can figure it out without sending a bad attempt. Now at first you think "well I can just try wrong 19 times and it takes 2 seconds so big deal that I don't have to press enter, with the colors there it eliminates the excuse of "I forgot which one of my dozens of passwords it was" to where the anti brute force system in place can be a lot more strict, if someone tries to brute force your account then it locks them out after say 3 wrong attempts within 10 minutes, with the colors there then you should not accidentally lock yourself out by tripping the anti brute force programing.

B) Worrying about that is like if you where to worry 10 years ago if someone got a hold of a list of MD5 passwords, in MD5 those passwords are (or at least at the time where) next to useless since that was not an easy algorithm to crack.

C) If they use the colors being there to allow the anti brute force programing to be more strict, then great. As for people worried about someone figuring out their password based on the colors they are overly paranoid. So I couldn't care less one way or the other on the subject.

[Deleted]

It's helpful, nothing big and you certainly can't work out someone's password.

[Hockeyhacker]

Basically it locks your account from being able to do anything that involves currency or items like buying/selling/deleting items or using mail or the auction house until you confirm your location using a code from an email sent to you.

You forgot to mention that it "locks" whenever you log in from a different IP as your last log in... You explained one end of what it does but didn't explain what triggers it.

But all in all I like that system as well with the only downside being if your email server is down, emails came almost the very second you log in at a different IP, but if for some reason say yahoo mail was down and your account was tied to a yahoo account then you couldn't unlock your items and money at a different IP, but at least you could still play.