[OT] Security Goes Visual
Scott Rossi
scott at tactilemedia.com
Tue Nov 22 15:00:09 EST 2005
Recently, Dan Shafer wrote:
> At least one of these I've seen doesn't actually require the user to
> remember what picture/phrase was chosen except on it being shown.
> IOW, I choose a picture of a baseball and the word "homer" as my
> confirmations. When I log in with my usual user ID and password, the
> server presents those symbols and asks me to confirm that they are
> the ones I chose. Or it presents, say, three sets of pictures and
> associated words and asks me to pick the one I chose.
>
> The idea is less for the server to identify me than it is for me to
> be confident that I'm at the right, authentic server. If I choose my
> picture and word wisely, it's just dead simple.
Yes, this is exactly the point (bots and keyloggers notwithstanding) -- for
users to verify that they have indeed landed on an authentic site and not a
phishing expedition.
However, if multiple institutions start using this method, as well as other
processes such as software registration for example, you probably *will*
have to start remembering the pictures/phrases, because your logins will be
different for each server.
Regards,
Scott Rossi
Creative Director
Tactile Media, Multimedia & Design
-----
E: scott at tactilemedia.com
W: http://www.tactilemedia.com