hi chris... it's doable... it's actually quite secure depending on what your app is, and what your user knowledge is... check out www.passmarksecurity.com - -----Original Message----- From: Chris W. Parker [mailto:cparker@xxxxxxxxxxxx] Sent: Friday, August 18, 2006 2:08 PM To: php-general@xxxxxxxxxxxxx Subject: OT alternate website authentication methods Hello, Last night I was reading Chris Shiflett's PHP Security book from O'Reilly and got to thinking about ways to authenticate a user other than using a password. Ideas: 1. Use flash to allow the user to draw an image. If the original image created during signup is within an acceptable range of the image used to authenticate, let them in. 2. (I saw this somewhere else... don't remember where or what it's called.) Use flash (again) to allow the user to click on an image in certain places. I think it was that you clicked the image in three places and then when you later authenticated you were supposed to click in those same places plus one more (to throw off anyone looking over your shoulder I think). As long as three of the 4 places clicked matched your original points (within a certain tolerance) you were authenticated. I'm not sure that these systems are any more SECURE than a simple username/password combo (keep in mind though, you'll also need some kind of username) but at the very least it seems that it could be more usable. I'd be interested in hearing your thoughts as well as any links for further reading. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php