A coworker of mine told me about an authentication service called Vidoop Secure. When she first started to describe the service I thought "great, yet another image-based CAPTCHA system", but it turns out I was way off.
Vidoop's solution is image-based, but then it gets all clever on you and is possibly even, just as they claim, hack proof (against phishing, keystroke logging, etc.).
This is how it works when your login system gets integrated with Vidoop:
- The user provides their username.
- Vidoop then generates a random image grid, mixing in a few images from categories you've chosen (let's say cats and dogs). Nothing special so far.
- Each image in the grid displays a randomly generated letter. The user then needs to find the images of cats and dogs in the grid and type in the letters on those images. This is the password, randomly generated each time you log in.
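The server side of the flow above, sketched as an added example (this is not Vidoop's code). The image catalogue, the grid size of six, one image per secret category, order-insensitive letter matching and the in-memory challenge store are all assumptions made for illustration.

```python
import hmac
import secrets
import string

# Hypothetical image catalogue: category -> image files (constructed sample data).
CATALOGUE = {
    "cats": ["cat1.jpg", "cat2.jpg"], "dogs": ["dog1.jpg", "dog2.jpg"],
    "cars": ["car1.jpg"], "boats": ["boat1.jpg"], "trees": ["tree1.jpg"],
    "food": ["food1.jpg"], "planes": ["plane1.jpg"], "clocks": ["clock1.jpg"],
}
RNG = secrets.SystemRandom()  # CSPRNG-backed sample/shuffle
PENDING = {}                  # username -> expected letters for the open challenge


def new_challenge(username, secret_categories, grid_size=6):
    """Build the grid sent to the browser and remember the expected code."""
    decoys = [c for c in CATALOGUE if c not in secret_categories]
    chosen = list(secret_categories) + RNG.sample(
        decoys, grid_size - len(secret_categories))
    RNG.shuffle(chosen)
    letters = RNG.sample(string.ascii_uppercase, grid_size)  # unique per cell
    grid = [(letter, cat, RNG.choice(CATALOGUE[cat]))
            for letter, cat in zip(letters, chosen)]
    # The one-time password is the set of letters on the secret-category images.
    PENDING[username] = "".join(
        sorted(letter for letter, cat, _ in grid if cat in secret_categories))
    # Only letters and images leave the server, never the category labels.
    return [(letter, image) for letter, _, image in grid]


def verify(username, typed):
    """Check the typed letters; the challenge is consumed on every attempt."""
    expected = PENDING.pop(username, None)
    if expected is None:
        return False  # no open challenge, or it was already used
    candidate = "".join(sorted(typed.upper()))
    return hmac.compare_digest(candidate.encode(), expected.encode())
```

Because `verify` pops the challenge before comparing, a captured code cannot be replayed and every wrong guess forces a fresh grid with new letters.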
Vidoop claims that their study shows that people have an easier time remembering their image categories than static passwords.
I've been trying to think of ways to undermine an authentication system like this, but so far I cannot find any weakness. Can you? I know any visual-cognition-based authentication system like this is a potential accessibility liability. And I can see how having a randomly changing password for each login attempt could raise a serious user experience flag. But as far as making your login system hack proof, I think Vidoop's approach might be one of the most secure systems out there.
And here's the REALLY interesting part. I hear that Vidoop has a business partnership program in place that will allow their partners to earn money each time their users use the Vidoop system to log in to their web sites.