RE: OT alternate website authentication methods

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



1. Why not a scanner that scans your fingerprint and use that as
authentication method? Then you do not need any username or password, you
are who you are :)

2. Ten multiple choice questions where you have to preset the system with 5
of your dreams that only you know about, and then you have to be able to
tell witch one is bogus about you or not (the rest of the 10 are standard
bogus things coming from other users in the system).

3. Voice recognition, you have your username and password, just record them
and you are ready to go.

About your (2): Is there any real difference with a pin number on an ATM for
that?

I like the idea of having other then characters and numbers to do it with.
However, I do not think we will see it. Maybe we will get small security box
where you have to access it by your fingerprint, the rest will be done the
traditional way:

- Login to box with fingerprint
- Submit username to web site
- Get a question (usually a number)
- Submit into box that generates answer (usually a number)
- Submit answer to web site, web site checks if answer match with number
according to the public/private key constraints.

Back to work :)




-----Original Message-----
From: Chris W. Parker [mailto:cparker@xxxxxxxxxxxx] 
Sent: Saturday, August 19, 2006 4:08 AM
To: php-general@xxxxxxxxxxxxx
Subject:  OT alternate website authentication methods

Hello,

Last night I was reading Chris Shiflett's PHP Security book from
O'Reilly and got to thinking about ways to authenticate a user other
than using a password.

Ideas:

1. Use flash to allow the user to draw an image. If the original image
created during signup is within an acceptable range of the image used to
authenticate, let them in.

2. (I saw this somewhere else... don't remember where or what it's
called.) Use flash (again) to allow the user to click on an image in
certain places. I think it was that you clicked the image in three
places and then when you later authenticated you were supposed to click
in those same places plus one more (to throw off anyone looking over
your shoulder I think). As long as three of the 4 places clicked matched
your original points (within a certain tolerance) you were
authenticated.


I'm not sure that these systems are any more SECURE than a simple
username/password combo (keep in mind though, you'll also need some kind
of username) but at the very least it seems that it could be more
usable.


I'd be interested in hearing your thoughts as well as any links for
further reading.



Chris.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux