Re: OT alternate website authentication methods

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

For method 1) I can tell that it wouldn't work for me. When I'm at home with my mouse, I can draw in a predictable way but if I'm on a plane, I cannot use the mouse so I have to rely on the touchpad, and then I wouldn't be able to draw anything, in fact, when not using my usual mouse I start using keyboard shortcuts as much as possible. If I'm on a borrowed computer then all bets are off. Though option 2) is less sensitive to this, it would still take me lots of time to accurately hit the right spots when not using my own mouse and I would rather have any keyboard entry alternative to any mouse option. 

Satyam
----- Original Message ----- From: "Chris W. Parker" <cparker@xxxxxxxxxxxx> 
To: <php-general@xxxxxxxxxxxxx>
Sent: Friday, August 18, 2006 11:08 PM
Subject:  OT alternate website authentication methods


Hello,

Last night I was reading Chris Shiflett's PHP Security book from
O'Reilly and got to thinking about ways to authenticate a user other
than using a password.

Ideas:

1. Use flash to allow the user to draw an image. If the original image
created during signup is within an acceptable range of the image used to
authenticate, let them in.

2. (I saw this somewhere else... don't remember where or what it's
called.) Use flash (again) to allow the user to click on an image in
certain places. I think it was that you clicked the image in three
places and then when you later authenticated you were supposed to click
in those same places plus one more (to throw off anyone looking over
your shoulder I think). As long as three of the 4 places clicked matched
your original points (within a certain tolerance) you were
authenticated.


I'm not sure that these systems are any more SECURE than a simple
username/password combo (keep in mind though, you'll also need some kind
of username) but at the very least it seems that it could be more
usable.


I'd be interested in hearing your thoughts as well as any links for
further reading.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.11.3/423 - Release Date: 18/08/2006

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux