[WEB SECURITY] Single Sign-On with Images

Bill Pennington bill at whitehatsec.com
Thu May 26 19:18:47 EDT 2005


BofA today rolled out passmark

http://baltimore.bizjournals.com/baltimore/stories/2005/05/23/daily23.html

On May 26, 2005, at 11:50 AM, Gavin, Michael wrote:

> Interesting.
>
> There is also a company called Real User that has a few products:
> "Passface Toolkit," "Passfaces for Windows," and "Passfaces for IIS"
> that also use recognition of photographic images as the authentication
> credential. With Passface you don't need a password and an image; rather
> you select "your" image (assigned to you from their large database of
> human faces when you register in their system) from the 9 or 16 that are
> presented when authentication is required.
>
> -----Original Message-----
> From: Bob Auger [mailto:bauger at spidynamics.com]
> Sent: Thursday, May 26, 2005 2:16 PM
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Single Sign-On with Images
>
> "Berkeley researchers propose a Mozilla extension to stop phishing
> <http://www.sims.berkeley.edu/%7Erachna/papers/securityskins.pdf>. They
> claim that users only need to remember one password and one image for
> their lifetime to securely log in to any number of sites. They also use
> uniquely generated visual hashes to "skin" trusted windows and webpages,
> which is harder to spoof than the SSL lock icon. To verify that the skin
> is legit, the user has to compare two images, which is easier for
> novices than verifying a certificate" - http://slashdot.org/
>
>
> Robert Auger
> SPI Labs
> rauger at spidynamics.com
> Start Secure. Stay Secure.
> Security Assurance Throughout the Application Lifecycle
>
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>
>


---
Bill Pennington, CISSP, CCNA
VP Services
WhiteHat Security Inc.
http://www.whitehatsec.com

