One picture is worth 1,000 passwords

Face it. Almost everyone suffers from a bad case of passworditis.

Think, for a moment, of the slew of daily chores that require passwords. The company computer. The home computer. Banking and ATM machines. Web sites. Voice mail. Car and home security systems. It doesn't take long to accumulate a dozen or more passwords. Scribbling them down on Post-its or using the same password for everything is how most people cope with the overload. Either way makes it easier for hackers to invade computer privacy.

Now researchers are moving toward what may be an answer to the password conundrum-pictures.

A number of companies, including software behemoth Microsoft, are looking into various ways that images can be used to replace standard passwords, which usually contain letters and numbers and are, more often than not, easily forgotten. Pictures, on the other hand, are much easier to remember. So researchers are developing picture passwords that will make it simpler for the user and more difficult for the average hacker.

Take, for instance, the screens available through a New York company called Passlogix. One picture shows a wet bar. The password is created by concocting a drink from the various items pictured . The order the items are selected becomes the password. Another screen might ask the user to choose elements from the Periodic Table in a certain order. Still another asks the user to select a number of food items from its "Make a Meal" screen.

Researchers at the University of California, Berkeley who have studied the habits of computer users say laziness plays a major role in most people's choices of passwords. Most people have a tendency to use familiar names, especially those of family members and pets, said Adrian Perrig, a member of the Berkeley team. A poll conducted by the British domain registration firm CentralNic found that 47 percent of all computer users choose family names in passwords.

"They pick the name of their cat or their dog and then add one digit at the end if they think they're being clever," said Paul Barrett, whose RealUser Corp. uses pictures of randomly chosen faces as passwords.

Another 32 percent of computer users choose sports, pop and movie stars, as well as cartoon characters and team names. Only 9 percent employed the more difficult "cryptic" passwords, those with the mix of upper- and lower-case letters, numbers and punctuation that are recommended to ensure security.

Forgetting passwords, however, is a more common problem of the computer era than hacking, particularly for major corporations that must maintain large help desks to service the company's computer users -- often around the clock. Estimates range widely about how much it costs a company each time an employee forgets a password, but the total is in the millions of dollars. Those who are pushing picture passwords contend they will save companies money because recalling images is much easier than the alternative.

Perrig said 90 percent of people in a test group that researchers evaluated were able to remember the pictures chosen from his program even a week after the test. In contrast, only 70 percent could remember their standard passwords. The reason, he said, is that passwords must be precisely written every time, but pictures demand only recognition.