New ‘passwordless’ authentication technology debuts at Web 2.0 Expo
By Ruben Francia
Vidoop, a software technology company, today unveiled a revolutionary secure login authentication technology at the Web 2.0 Expo in San Francisco. Vidoop Secure eliminates the need of passwords and thus offers more secure than standard, hackable, or keyboard-loggable passwords.
“The Vidoop Secure solution addresses the fact that passwords are the weak link in Internet security. No matter how complicated or lengthy passwords are, they are easily compromised by readily available keystroke recording software,” says Vidoop President and CEO, Joel Norvell. “And as consumers use more online services, they tend to use the same passwords over and over which creates an added security risk. Vidoop Secure addresses this problem by eliminating passwords and forming a security partnership with the user.”
How Vidoop Secure Works
When you want to sign up to a Vidoop-protected site, you are presented with the usual registration form for account entries. But instead of a password, each user chooses one or more from a number of categories like airplanes, cars or keys.
At the time of login, users are presented with an array of images including an airplane, a car, or a key, and several other unrelated images. Each images has a letter stamped on top of it. To successfully login, user has to select the images in the categories that he/she selected as password. For example, if you’ve selected airplane, car, key as password, then you need to find the images of the airplane, the car, and the key in the grid, and enter in the letter on top of each one of them.
Each time you try to log in, the images change. The “car” one time may be a mercedes bench, the next time a Ferrari. The images position changes in the grid, too. And the letters that go with the proper images also change.
This makes the password very difficult to hack. Since other observers do not know the user’s categories, they do not know which of the displayed access codes to use as the key. Only the user can interpret the grid and notices a series of digits that act as the one-time access code.
The technology requires more thought than just typing in your birthday, but it is more secure. It technology distinguishes itself by incorporating a human cognitive element into the login sequence that defeats automated hacking. The technology also offers consumers the convenience of a single sign-on solution for frequently visited websites.
Another thing that is makes this technology unique is that the images can be sponsor which could provide some revenue.
While Vidoop Secure looks like a better and more secure authentication solution than requiring people to memorize increasingly long and complex passphrases, I doubt Vidoop is completely unhackble.
Related:
Entry was posted
on Tuesday, April 17th, 2007 at 11:52 pm
under
Read more entries by Ruben Francia.
Stumble It!
April 19th, 2007
Nothing is unhackable, but something that can’t be completely owned by a 6th grader is better than standard username and password.
April 21st, 2007
This still falls prey to social hacking, and general user ignorance of security issues. One (real) person, two (real) examples:
Joan is a major travel bug, *loves* dogs and and goes bonkers for all things sweet – so much so that her dog is actually named sugar. My guess is that her picture sequence would be: airplane – dog or animal – chocolate or candy.
Joan is also the type of person who has actually sent me TWO different credit card numbers, expiration date and 3 digit security code via email – in plain text – so that “I could buy myself something nice”. Do you think she’d have any problems sending me a similar email (in clear text) to her favorite online store saying: pick the plane, then the dog, then the candy.
Sorry, Vidoop doesn’t solve the problem. It just reduces some of the automated techniques. For now.