[OT] Security Goes Visual

Dan Shafer revdan at danshafer.com
Tue Nov 22 14:14:58 EST 2005


At least one of these I've seen doesn't actually require the user to  
remember what picture/phrase was chosen except on it being shown.  
IOW, I choose a picture of a baseball and the word "homer" as my  
confirmations. When I log in with my usual user ID and password, the  
server presents those symbols and asks me to confirm that they are  
the ones I chose. Or it presents, say, three sets of pictures and  
associated words and asks me to pick the one I chose.

The idea is less for the server to identify me than it is for me to  
be confident that I'm at the right, authentic server. If I choose my  
picture and word wisely, it's just dead simple.

FWIW, one company I've worked with is using a sort of reverse  
biometric there, presenting the user with a digitized image of the  
user him/herself. The message is, "If you think you're logging into  
your bank account and you don't see YOUR picture here, then you  
aren't being logged into your account, you're being phished."

I think the idea has real merit.

On Nov 21, 2005, at 7:37 PM, Scott Rossi wrote:

> The recent thread regarding "thinking graphically" reminded me of a recent
> update my bank made to enhance protection for online banking customers: they
> added a visual aspect to the login process.
>
> When logging into your account, you must now choose an image from a library
> containing hundreds (thousands?) of images, and a related word or phrase that
> you are to be presented with every time you log in.  Presumably this step
> was taken to thwart phishing attempts since it's pretty difficult, if not
> impossible, to replicate the login process (the image and login word/phrase
> are stored on the server).
>
> We'll have to see how effective this technique is in the long run.  But as a
> designer, I find this development to be very interesting and wonder if the
> same safeguards will eventually be applied to other situations requiring
> secure login/registration, including software.  Pretty soon we'll have to
> start keeping track of all our visual passwords, either in an image
> database, or in a descriptive text version of the same.
>
> Something to think about...
>
> Regards,
>
> Scott Rossi
> Creative Director
> Tactile Media, Multimedia & Design
> -----
> E: scott at tactilemedia.com
> W: http://www.tactilemedia.com
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Shafer, Information Product Consultant and Author
http://www.shafermedia.com
Get my book, "Revolution: Software at the Speed of Thought"
From http://www.shafermediastore.com/tech_main.html
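
The "three sets of pictures and associated words" variant described in the message above, sketched from the server side. This is an added example, not part of the original post and not any bank's code; the library contents, the server key, the in-memory store and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import random

# Constructed sample library; a real deployment would hold hundreds of entries.
LIBRARY = [("baseball", "homer"), ("lighthouse", "beacon"), ("teapot", "steep"),
           ("bicycle", "spoke"), ("cactus", "desert"), ("anchor", "harbor")]
SERVER_KEY = b"constructed-demo-key"  # assumption: a server-side secret

_enrolled = {}  # user_id -> index into LIBRARY (hypothetical in-memory store)


def enroll(user_id, picture, word):
    """Record the picture/word pair the user chose at sign-up."""
    _enrolled[user_id] = LIBRARY.index((picture, word))


def challenge(user_id, sets=3):
    """Return `sets` picture/word pairs, exactly one of which is the user's.

    Decoys and ordering are derived from an HMAC of the user ID, so the same
    user always sees the same candidates: repeated logins do not let an
    observer narrow down the real pair by comparing challenges.
    """
    chosen = _enrolled[user_id]
    seed = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).digest()
    rng = random.Random(seed)
    others = [i for i in range(len(LIBRARY)) if i != chosen]
    picks = rng.sample(others, sets - 1) + [chosen]
    rng.shuffle(picks)
    return [LIBRARY[i] for i in picks]


def confirm(user_id, picture, word):
    """True only if the pair the user picked is the one they enrolled."""
    expected = "|".join(LIBRARY[_enrolled[user_id]])
    return hmac.compare_digest(expected.encode(), f"{picture}|{word}".encode())


if __name__ == "__main__":
    enroll("dan", "baseball", "homer")
    print(challenge("dan"))                    # three pairs, one is the user's
    print(confirm("dan", "baseball", "homer"))
```

As in the message, the challenge is meant to be served only after the user ID and password have been accepted, so the stored pair is never shown to an unauthenticated visitor.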





More information about the use-livecode mailing list