RE: OT alternate website authentication methods

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi chris...

it's doable... it's actually quite secure depending on what your app is, and
what your user knowledge is...

check out www.passmarksecurity.com 

-


-----Original Message-----
From: Chris W. Parker [mailto:cparker@xxxxxxxxxxxx]
Sent: Friday, August 18, 2006 2:08 PM
To: php-general@xxxxxxxxxxxxx
Subject:  OT alternate website authentication methods


Hello,

Last night I was reading Chris Shiflett's PHP Security book from
O'Reilly and got to thinking about ways to authenticate a user other
than using a password.

Ideas:

1. Use flash to allow the user to draw an image. If the original image
created during signup is within an acceptable range of the image used to
authenticate, let them in.

2. (I saw this somewhere else... don't remember where or what it's
called.) Use flash (again) to allow the user to click on an image in
certain places. I think it was that you clicked the image in three
places and then when you later authenticated you were supposed to click
in those same places plus one more (to throw off anyone looking over
your shoulder I think). As long as three of the 4 places clicked matched
your original points (within a certain tolerance) you were
authenticated.


I'm not sure that these systems are any more SECURE than a simple
username/password combo (keep in mind though, you'll also need some kind
of username) but at the very least it seems that it could be more
usable.


I'd be interested in hearing your thoughts as well as any links for
further reading.



Chris.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux