[WEB SECURITY] Single Sign-On with Images

Bob Auger bauger at spidynamics.com
Thu May 26 14:16:09 EDT 2005


"Berkeley researchers propose a Mozilla extension to stop phishing <http://www.sims.berkeley.edu/%7Erachna/papers/securityskins.pdf>. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites. They also use uniquely generated visual hashes to "skin" trusted windows and webpages, which is harder to spoof than the SSL lock icon. To verify that the skin is legit, the user has to compare two images, which is easier for novices than verifying a certificate 
" - http://slashdot.org/


Robert Auger
SPI Labs
rauger at spidynamics.com
Start Secure. Stay Secure.
Security Assurance Throughout the Application Lifecycle


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list