[WEB SECURITY] Single Sign-On with Images

Chris.Hammond-Thrasher at consulting.fujitsu.com
Fri May 27 11:48:04 EDT 2005


Not only do we need new and better ways to handle user authentication, but 
it is great that there are multiple options for vendors.

-CHT

................................................................................
Chris Hammond-Thrasher  MLIS, CISSP
FUJITSU CONSULTING
Principal Management Consultant
Library Technology / Security, Privacy and Technical Risk
email: chris.hammond-thrasher at consulting.fujitsu.com
Web: http://www.fujitsu.com/ca/




Bill Pennington <bill at whitehatsec.com>
05/26/2005 05:18 PM

 
        To:     websecurity at webappsec.org
        cc:     (bcc: Chris Hammond-Thrasher/EDM/DMR/CA)
        Subject:        Re: [WEB SECURITY] Single Sign-On with Images


BofA today rolled out passmark

http://baltimore.bizjournals.com/baltimore/stories/2005/05/23/daily23.html

On May 26, 2005, at 11:50 AM, Gavin, Michael wrote:

> Interesting.
>
> There is also a company called Real User that has a few products:
> "Passface Toolkit," "Passfaces for Windows," and "Passfaces for IIS"
> that also use recognition of photographic images as the authentication
> credential. With Passface you don't need a password and an image; rather
> you select "your" image (assigned to you from their large database of
> human faces when you register in their system) from the 9 or 16 that are
> presented when authentication is required.
>
> -----Original Message-----
> From: Bob Auger [mailto:bauger at spidynamics.com]
> Sent: Thursday, May 26, 2005 2:16 PM
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Single Sign-On with Images
>
> "Berkeley researchers propose a Mozilla extension to stop phishing
> <http://www.sims.berkeley.edu/%7Erachna/papers/securityskins.pdf>. They
> claim that users only need to remember one password and one image for
> their lifetime to securely log in to any number of sites. They also use
> uniquely generated visual hashes to "skin" trusted windows and webpages,
> which is harder to spoof than the SSL lock icon. To verify that the skin
> is legit, the user has to compare two images, which is easier for
> novices than verifying a certificate" - http://slashdot.org/
>
>
> Robert Auger
> SPI Labs
> rauger at spidynamics.com
> Start Secure. Stay Secure.
> Security Assurance Throughout the Application Lifecycle
>
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>


---
Bill Pennington, CISSP, CCNA
VP Services
WhiteHat Security Inc.
http://www.whitehatsec.com

