Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Skins: Single Sign-On with Images

Posted by CmdrTaco on from the i'll-believe-it-when-they-deploy-it dept.

Appol writes "Berkeley researchers propose a Mozilla extension to stop phishing. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites. They also use uniquely generated visual hashes to "skin" trusted windows and webpages, which is harder to spoof than the SSL lock icon. To verify that the skin is legit, the user has to compare two images, which is easier for novices than verifying a certificate."

8 of 169 comments (clear)

  1. What about cost? by The+Woodworker · · Score: 4, Interesting

    SSL certificates are pretty expensive for someone setting up a secure hobby website. You can go the route of FreeSSL, or generate your own, but this gives browser warnings/errors. I'm wondering how much this method would cost if you got it from GeoTrust/Thawte/etc. and what the lifetime of that would be (good for a year, two years, etc.)?

    As a side note, after 8 years of tech support, I find users trust what their browsers trust, and as long as people use browsers like IE and just click on email links, nothing will be secure at the users end.

    --
    Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.
  2. Re:Colourblind? by Kjuib · · Score: 2, Interesting

    Or even... what if I use Lynx? I have to check the image names?

    --
    - Your stupidity got you into this mess, why can't it get you out? -Will Rogers
  3. Whats really interesting by pthor1231 · · Score: 2, Interesting

    is that banks and credit issues have lost over 1.2 billion dollars in 2003, according to TFA, yet they are not the ones actively pursuing something that would help protect their users from this sort of fraud. I think it's great that someone is doing something about this issue for the general public.

  4. md5 style too? by kebes · · Score: 2, Interesting

    I've often thought that a similar thing should exist for md5 hashes and a whole slew of authentication schemes. The actual hash number can be transformed into an "abstract art" image via a combinatorial algorithm. The image could be some overlapping strange-looking lines and shapes, with the exact shapes, colors, and so on all based on the hash. Even a small change in the hash or authentication code would lead to a very big difference in the final image.

    So when you download a file, they show you a picture of the expected visual-hash. When the file finishes, you take a quick look at the visual-hash your computer just generated, and see if they match.

    Similarly for all secure websites and key exchanges. When you SSH into a server, why not show an image (or ASCII art if you prefer) based on its unique key? I think anti-phishing is just one of many usese for this kind of technology.

  5. Re:No to discriminate by NieKinNL · · Score: 2, Interesting

    Or people who are in other ways visually impaired, like beeing blind completely.

    They always depend on the soft- and hardware that was built to aid them in using computers. I know there are braille boards on wich they can "read" plain text. With the right software this can (and probably is) be used to get quite far with computer use.

    I think for such handicaps, it would be easier and much more flexibel to use text as a visual confirmation in stead of images. This way it is much easier to make the software compatible with numerous of other systems, and of course blind people will be able to use the technologie too.

    Nevertheless I do doubt this development. Sure it is a great "solution", but it will require cooperation of the mayor browser companies, and there has to be a way to tell the browser your site is legit, wich may come down to thesame problem as SSL, namely registering your certificate (or in this case, the use of the security hash), and that often costs you money and lots of effort.

    On the other hand, training users to recognise sinister situations on the web has been proofed to be a endless frustrating time consuming mind numbing effort too, so basically it's about choosing the road with the least obstacles.

    For me, and probably most of Slashdot, I find it a more than great idea to develop a braille system for images. Say, to feel the image..)

    --
    -- # man women
  6. Re:No to discriminate by Steffan · · Score: 2, Interesting

    I imagine it would be fairly trivial to modify this scheme to use a generated sound or audio clip instead of an image. People are probably not as good at distinguishing different sounds, but I'm sure the ability is more than adequate for this scenario.

  7. Acutrust is a better method by x_hexdump_x · · Score: 2, Interesting

    Acutrust http://www.isblanket.com/services/online/acutrust/ is a much better approach to the problem. It uses an encrypted image to prove the site is authentic. The unique thing about this product is that is does not require the user-base to install any special software.

    Acutrust FAQ http://www.isblanket.com/services/online/acutrust/ faq/

  8. Re:Single password not hard to acheive without ris by baadger · · Score: 2, Interesting

    Yes you have hit all the major faults right on the head. However let's see if i can point out why they aren't so bad

    Change of uri/domain -

    A fairly uncommon event for most well established websites (obviously not torrent sites :P) and this could be taken into account by keeping both domains/uri's live long enough for users to transfer their account across somehow. Maybe indicating a move and asking the user to accept it, in which case it simply uses the old and new domain string sequentially to accomplish the changeover. Obviously this could be exploited and leads to a new form of phishing - but would be rare - Probably the biggest problem :(

    Installation of new software -

    * Using extensions or bookmarklet like buttons (that keep javascript out of the scope of other scripts in the webpage) which are now pretty commonplace and native to browsers.
    * You can even use javascript within the website html itself, although much more risky, it can viewed by the user in the page source and cheating webmasters risk exposure. This is no different from dodgy webmasters not chosing to store passwords as hashes automatically now.
    * Some kind of signed javascript (.jar file) which can't be tampered with (don't know how feasible that is) which verifies that the script in use is from a source that everyone knows about, is open source, and has been checked for bugs by a large number of people.

    Hash weakness -

    I have no idea how much weaker a hash with a known constant, for example in MD5, is. Is xxxxxxxCCCCC where CCCCC is a known string as difficult to break as xxxxxxx alone (which would be ideal)? It is an issue given that webmasters could have access to thousands of hashes with the same string constant. But then again now they have your password in plaintext while being processed.

    Do the benefits outway the risks of this idea though?

    * The webmasters task of stealing plaintext passwords directly is made much much more difficult.
    * Having to crack hashes with a constant string in them might not provide much advantage over hashes without..i would guess it depends on the hashing algorithm - i'm obviously no expert.
    * Websites without HTTPS still benefit because passwords aren't sent across the wire (talking authentication here not content privacy remember) in the clear.

    I love that Schneier quote, anything devised is always going to be exploitable somewhere by somebody much smarter than yourself. I have no delusions that it will be perfect but I think it moves some of the risks about and might be interesting to try out.