Vidoop, Picture Passwords.

April 23rd, 2007 at 12:00 am
 


The OpenID system is slowly becoming a staple on the internet.  Many new sites are already equipped with the easier user identification package.  Also, many OpenID providers are popping up in cyberspace each offering a different way of securing a user's information.

Many providers simply make it easier for users to utilize a single profile and username and password when singing up for new accounts on an OpenID enabled site.  Aside from that some providers give a more secure protection rather than a simple username and password.

Vidoop is an OpenID provider that takes its security to the next level.  I was fortunate enough to have asked Luke Sontag, Vidoop's CTO and Co-founder, about the nature of the company and according to him, consumer security on the internet has always been lax only providing an easily hackable username and password between thieves and a user's personal and sometimes sensitive information like bank accounts and other secrets.

Big corporations know the risks of key loggers and other hacking software which is exactly why they go beyond the usual username and password layer.  Other security measures include keys, smart cards and other electrical devices that all require a hardware component.  These measures are effective yet are not feasible for the consumers.  This is why Vidoop has come up with an ingenious way of providing a nearly impossible to hack protection system for their version of OpenID.

Vidoop does not use a single password for an account.  For example, my OpenID URL is http://mikalu.myvidoop.com, if you use that in any OpenID enabled site like Ziki.com, you'll be presented with a grid of images and a text box to confirm my identity.  Of course, you don't have any idea what my code is.  Let's say you already know how Vidoop works, you still would have no idea what my code will be.

Here's how it works.  Instead of a simple password to unlock my OpenID URL, Vidoop presents me with images.  Each image belongs to a category for example, cars, keys, or houses.  If you tried to hack my account earlier, you'd notice that there are corresponding letters or number for every picture.  Those letters will make up my security code for that single session.  All you need to know are my secret categories to hack my account (of course I'm not giving it away).

This is how Vidoop makes their OpenID's nearly unhackable, categorized images that change everytime.  Does it sound enough?  Well, better than a simple username-password.

Vidoop is currently in private beta and I was lucky enough to try it out thanks to the invite Luke gave me after our interview.  All in all, I think that Vidoop is a can make the web more secure for consumers because come to think of it, the username and password are so old school.

Luke Sontag says it would take not more than 6 months for Vidoop to get out of their private beta and as of now requests for invitations are available on their site.