On Fri, August 18, 2006 4:08 pm, Chris W. Parker wrote: > Last night I was reading Chris Shiflett's PHP Security book from > O'Reilly and got to thinking about ways to authenticate a user other > than using a password. > > Ideas: > > 1. Use flash to allow the user to draw an image. If the original image > created during signup is within an acceptable range of the image used > to > authenticate, let them in. > > 2. (I saw this somewhere else... don't remember where or what it's > called.) Use flash (again) to allow the user to click on an image in > certain places. I think it was that you clicked the image in three > places and then when you later authenticated you were supposed to > click > in those same places plus one more (to throw off anyone looking over > your shoulder I think). As long as three of the 4 places clicked > matched > your original points (within a certain tolerance) you were > authenticated. > > > I'm not sure that these systems are any more SECURE than a simple > username/password combo (keep in mind though, you'll also need some > kind > of username) but at the very least it seems that it could be more > usable. > > > I'd be interested in hearing your thoughts as well as any links for > further reading. You're pretty much leaving out visually-impaired users in the cold... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
