[WEB SECURITY] Single Sign-On with Images

Gavin, Michael mgavin at forrester.com
Thu May 26 14:50:49 EDT 2005


Interesting.  

There is also a company called Real User that has a few products:
"Passface Toolkit," "Passfaces for Windows," and "Passfaces for IIS"
that also use recognition of photographic images as the authentication
credential. With Passface you don't need a password and an image; rather
you select "your" image (assigned to you from their large database of
human faces when you register in their system) from the 9 or 16 that are
presented when authentication is required.

-----Original Message-----
From: Bob Auger [mailto:bauger at spidynamics.com] 
Sent: Thursday, May 26, 2005 2:16 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Single Sign-On with Images

"Berkeley researchers propose a Mozilla extension to stop phishing
<http://www.sims.berkeley.edu/%7Erachna/papers/securityskins.pdf>. They
claim that users only need to remember one password and one image for
their lifetime to securely log in to any number of sites. They also use
uniquely generated visual hashes to "skin" trusted windows and webpages,
which is harder to spoof than the SSL lock icon. To verify that the skin
is legit, the user has to compare two images, which is easier for
novices than verifying a certificate" - http://slashdot.org/


Robert Auger
SPI Labs
rauger at spidynamics.com
Start Secure. Stay Secure.
Security Assurance Throughout the Application Lifecycle


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

