Security Skins: Single Sign-On with Images

← Back to Stories (view on slashdot.org)

Security Skins: Single Sign-On with Images

Posted by CmdrTaco on Thursday May 26, 2005 @05:40AM from the i'll-believe-it-when-they-deploy-it dept.

Appol writes "Berkeley researchers propose a Mozilla extension to stop phishing. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites. They also use uniquely generated visual hashes to "skin" trusted windows and webpages, which is harder to spoof than the SSL lock icon. To verify that the skin is legit, the user has to compare two images, which is easier for novices than verifying a certificate."

19 of 169 comments (clear)

Min score:

Reason:

Sort:

Finally by nizo · 2005-05-26 05:42 · Score: 5, Funny

I knew a non-evil use for the goatse image would be found eventually. I might as well use that image, since it is burned into my brain forever anyway. Plus it has the added advantage of punishing shoulder surfers.

--
I Am My Own Worst Enemy
1. Re:Finally by EnronHaliburton2004 · 2005-05-26 05:55 · Score: 4, Funny
  
  If I used that image, I would never, ever surf the web again.
  
  --
  94% of Repubs and 21% of Dems voted to renew the Patriot Act
2. Re:Finally by Matey-O · 2005-05-26 06:22 · Score: 2, Funny
  
  And a nice side effect is: The login and password boxes are neatly framed by...uh...nevermind.
  
  --
  "Draco dormiens nunquam titillandus."
Natalie Portman? by ajiva · 2005-05-26 05:42 · Score: 4, Funny

So we just have to visually confirm that Natalie Portman is hot? That's easy!
1. Re:Natalie Portman? by Theaetetus · 2005-05-26 06:30 · Score: 2, Funny
  
  So we just have to visually confirm that Natalie Portman is hot? That's easy!
  Oh, really? (SFW, and Safe for eyes)
2. Re:Natalie Portman? by kocovnik · 2005-05-26 06:43 · Score: 3, Funny
  
  I'm not sure what this image is supposed to prove. Am I not supposed to think that Natalie Portman sticking her hands down her pants is amazing? Or is it the other way around.
  
  --one confused Slashdot reader
3. Re:Natalie Portman? by binarybum · 2005-05-26 07:27 · Score: 3, Funny
  
  Hey! Who the heck photoshoped me out of the picture where I was putting my hand down Natalie's pants!?
  
  --
  ôó
4. Re:Natalie Portman? by bigdumbyak · 2005-05-26 07:29 · Score: 2, Funny
  
  Thank you!!
  Confirmation complete!!
  
  Did you seriously think that a picture of her with her hand down her pants was BAD?
  
  --
  Stupid people hurt my head.
5. Re:Natalie Portman? by Anonymous Coward · 2005-05-26 08:13 · Score: 1, Funny
  
  Poor Natalie. Those hot grits get stuck so easily...
6. Re:Natalie Portman? by 0x20 · 2005-05-26 08:31 · Score: 2, Funny
  
  *Secure connection established*
Yes, this should work well! by Capt'n+Hector · 2005-05-26 05:43 · Score: 3, Funny

Because when a webpage is spoofed, the skin will make it look like the gates of hell, and when it's legit, you see a kitten frolicking in a meadow.

--
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Interesting. by MrAnnoyanceToYou · 2005-05-26 05:43 · Score: 5, Funny

Graduate School at UC Berkeley : 100,00$
Summer spent researching anti-spyware : 1,000$ after grants
Doing the world a favor : 0$ in debt
Getting publicity for doing the world a favor among those who care : See Below
Having your .8 MB file downloaded 100,000 times in the course of twenty minutes, taxing your web server extensively because you set it up there as a PDF, making you look like mildly silly because you're DOING INTERNET RESEARCH : Priceless, except for the bandwidth.

That said, it's quite an interesting approach. The notification style for a hash is quite an interesting idea.

--
My little site.
But who will actually download it? by Ochu · 2005-05-26 05:46 · Score: 2, Funny

Anyone computer-savvy enough to be using firefox, downloading addons, making pet names, and then remembering to check won't be caught by a pisher anyway... Having said that, it would help anyone who has an FNG (friendly neighbourhood geek) to install. Which is pretty likely, this is slashdot.
Been there, done that. by Anonymous Coward · 2005-05-26 05:46 · Score: 4, Funny

I've always used the same password, "pa55w0rd", so this part is easy.

Whoops, did I say that out loud? Good thing I didn't mention that my image is a kitten.

Oh shoot...
Re:PDF Alert by Takara · 2005-05-26 05:53 · Score: 4, Funny

I guess if you're reading this, it's likley too late...
You must be new here.
Re:No to discriminate by Anonymous Coward · 2005-05-26 06:00 · Score: 1, Funny

Fucking typical Liberal-speak. C'mon, the MAJORITY of users have their sight, so let's come up with a solution that works for the majority and THEN work on one to handle the minority. We'll be all old and grey if wi wait for a bulletproof solution that works for everyone. ('course, by then, my eyesight will probably be failing, so I'll give a shit then...)
Re:No to discriminate by mopslik · 2005-05-26 06:02 · Score: 2, Funny

There are people who are blind what do they do?

Use this for their image?
MOD PARENT SIDEWAYS! by Anonymous Coward · 2005-05-26 06:06 · Score: 1, Funny

MOD PARENT SIDEWAYS!
mental images? by madaxe42 · 2005-05-26 06:08 · Score: 5, Funny

Worse than goatse... http://slashdot.org/article.pl?sid=00/08/24/182322 5&tid=99&tid=16 -- seriously - what the hell????