This is inspired by the spin dial locks on vaults. To make it a little harder to capture a log on, authentication software could present a user with a sliding display of characters. Moving the mouse to the left will cause the characters to start rolling to the right, moving the mouse to the right will let them roll to the left. The speed has to be carefully planned, because stopping on a certain character indicates entering the character. The user has to alternate spinning left and right (left to the 'p', right to the 'a', left to the 's' and so on to spell 'password').
To attempt to thwart screen capture, the characters displayed are never shown in their entirety, but only traced by very fast moving dots.
This could be implemented in Java or as ActiveX to work with web sites.-- jmvw, Apr 18 2007 Password "Gesture" with Mouse Password_20_22Gesture_22_20with_20MouseThis idea also uses mouse motion [jmvw, Apr 18 2007] Regardless of the interface for entering the password, the data is still going to be transmitted to the server in pretty much the same way. It is all a stream of IP packets. This will give a false sense of security.(-)-- Galbinus_Caeli, Apr 18 2007 Well, for traffic with the server that we have encryption. My little scheme retains traditional passwords and it is intended to thwart keystroke/mouse click loggers and screen capture programs without special hardware. It struck me what a ridiculously insecure mess Windows has become. Many Windows workstations are compromised one way or the other and this can be hard to detect.
Perhaps my scheme could be useful for online banking and so on, where traffic to the server is protected by SSL but a compromised workstation could present a risk.-- jmvw, Apr 18 2007 I tend to use the scroll wheel for this. Anyway it should be more secure than key presses, no? An ok idea, but just not as good as a USB enabled steel dial from a safe. Neutral.-- wagster, Apr 18 2007 random, halfbakery