1. Why not a scanner that scans your fingerprint and use that as an authentication method? Then you do not need any username or password, you are who you are :)

2. Ten multiple choice questions where you have to preset the system with 5 of your dreams that only you know about, and then you have to be able to tell which one is bogus about you or not (the rest of the 10 are standard bogus things coming from other users in the system).

3. Voice recognition, you have your username and password, just record them and you are ready to go.

About your (2): Is there any real difference with a PIN number on an ATM for that?

I like the idea of having other than characters and numbers to do it with. However, I do not think we will see it. Maybe we will get a small security box where you have to access it by your fingerprint, the rest will be done the traditional way:

- Login to box with fingerprint
- Submit username to web site
- Get a question (usually a number)
- Submit into box that generates answer (usually a number)
- Submit answer to web site, web site checks if answer matches with number according to the public/private key constraints.

Back to work :)

-----Original Message-----
From: Chris W. Parker [mailto:cparker@xxxxxxxxxxxx]
Sent: Saturday, August 19, 2006 4:08 AM
To: php-general@xxxxxxxxxxxxx
Subject: OT alternate website authentication methods

Hello,

Last night I was reading Chris Shiflett's PHP Security book from O'Reilly and got to thinking about ways to authenticate a user other than using a password.

Ideas:

1. Use Flash to allow the user to draw an image. If the original image created during signup is within an acceptable range of the image used to authenticate, let them in.

2. (I saw this somewhere else... don't remember where or what it's called.) Use Flash (again) to allow the user to click on an image in certain places. I think it was that you clicked the image in three places and then when you later authenticated you were supposed to click in those same places plus one more (to throw off anyone looking over your shoulder I think). As long as three of the 4 places clicked matched your original points (within a certain tolerance) you were authenticated.

I'm not sure that these systems are any more SECURE than a simple username/password combo (keep in mind though, you'll also need some kind of username) but at the very least it seems that it could be more usable.

I'd be interested in hearing your thoughts as well as any links for further reading.

Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
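
The click-point check from idea 2 of the original message (three enrolled points, four clicks at login, a match within a tolerance), as an added example that is not part of the thread. The coordinates, the 15-pixel tolerance, order-independent matching and the guess-space estimate are assumptions made for illustration.

```python
import math
from itertools import permutations

def within(p, q, tol):
    """True if click q lies within tol pixels of enrolled point p."""
    return math.hypot(p[0] - q[0], p[1] - q[1]) <= tol

def verify_clicks(enrolled, clicks, tol=15, max_decoys=1):
    """Accept when every enrolled point is matched by a distinct click.

    Assumptions: click order does not matter, and at most max_decoys
    extra clicks are allowed (the "plus one more" in the post).
    """
    if not len(enrolled) <= len(clicks) <= len(enrolled) + max_decoys:
        return False
    # Try every assignment of distinct clicks to enrolled points. Greedy
    # nearest-first matching can wrongly reject when one click is within
    # tolerance of two enrolled points; 4P3 = 24 candidates is cheap.
    return any(
        all(within(p, q, tol) for p, q in zip(enrolled, chosen))
        for chosen in permutations(clicks, len(enrolled))
    )

def guess_space_bits(width, height, tol, points=3):
    """Rough upper bound on the secret's strength, in bits.

    Treats the image as width*height / (pi*tol^2) distinguishable regions
    and counts unordered choices of `points` regions. Users tend to pick
    salient image features, so the practical figure is lower.
    """
    regions = int(width * height / (math.pi * tol ** 2))
    return math.log2(math.comb(regions, points))

# Constructed sample data: pixel coordinates on a 400x300 image.
ENROLLED = [(100, 100), (300, 200), (150, 250)]
LOGIN_OK = [(105, 98), (380, 40), (296, 207), (152, 245)]   # 2nd click is the decoy
LOGIN_BAD = [(105, 98), (380, 40), (296, 207), (20, 20)]    # only two points match

if __name__ == "__main__":
    print(verify_clicks(ENROLLED, LOGIN_OK))
    print(verify_clicks(ENROLLED, LOGIN_BAD))
    print(round(guess_space_bits(400, 300, 15), 1), "bits")
```

On the assumed 400x300 image with a 15-pixel tolerance the estimate comes out under 20 bits, which bears on the doubt in the original message about whether such a scheme is more secure than a password.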