I’m always interested in adding security to information systems. One step in that process is adding authentication. Authentication is aimed at establishing without doubt the identity of the one trying to use (or abuse) the system. And that doesn’t stop with the old user-name-password combo. There are many alternative or additional means to do it, but that’s a topic for another post. There are also ways in helping people authenticate themselves more successfully. Without trying to be complete here, I’ll give you an overview of a few of the possibilities of helping you authenticate, even though it’s single factor authentication.
Passwords are problematic since our human memory isn’t quite foolproof. (how about that for an understatement…) This tends us to choose easy to remember, and therefor almost always easy to guess passwords. Difficult passwords are harder to remember locking the user out, rather then letting them in. Two services have created interesting ways to help you pick the right password without making it too easy for someone else to pick your password: MyVidoop and InkBlotPassword. Both will provide you with an open-id to use on several websites that support that technology.
MyVidoop is still alive. It’s recently been acquired by http://www.confidenttechnologies.com, and hopefully it won’t shut it down since this service really does a few thinks very well. Logging in means typing in your user-name and then selecting the pictures of your selected categories from a grid and entering the characters associated with those categories. An example of such a grid is here:
So if your categories are dogs, computers and buildings, you’d enter NJA (in any order you like). Remembering categories is much easier then remembering a password. Even though this password is very short, since it’s different every time, it’s very hard to guess. I think it’s very cool. The technology is called Confident Imageshield(tm). One added bonus of MyVidoop is the way it let’s you know what’s happening with your account via e-mail notifications. If someones trying to abuse it, you’ll know about it!
InkBlotPassword has a different strategy. The idea here is that people remember best by association. Association of words with pictures in this case. They show you a number of inkblot-type pictures during sign-up and ask you to enter the first and last character of the word you associate with that picture. You could choose another mechanism (like the first and third character), just as long as you remember what it is. You can practice this mechanism before fixing it as your password. When logging in after typing your user-name you are shown your inkblot-patterns in random order. You enter the characters (first and last or any other way you chose) for each inkblot. It’s indeed not that hard to remember or to ‘re-associate’ the blots with words. Best of all, you can select how many inkblots you want to use therefor you can set the strength of the password you are using. Pretty nifty. Also here, the password is different each time since the order of the blots changes,
Do you know of other means adding security while helping you authenticate (even though it’s single factor)? Let me know in the comment-section.