On 8/18/06, Chris W. Parker <cparker@xxxxxxxxxxxx> wrote:
> Ideas:
>
> 1. Use Flash to allow the user to draw an image. If the original image created during signup is within an acceptable range of the image used to authenticate, let them in.
>
> 2. (I saw this somewhere else... don't remember where or what it's called.) Use Flash (again) to allow the user to click on an image in certain places. I think it was that you clicked the image in three places and then when you later authenticated you were supposed to click in those same places plus one more (to throw off anyone looking over your shoulder I think). As long as three of the 4 places clicked matched your original points (within a certain tolerance) you were authenticated.

These ideas are certainly creative, but I would question their day-to-day usability. They seem to be more simple than traditional passwords to observe and duplicate. Passwords have an advantage of being obscured visually, and difficult (though not impossible) to duplicate through simple observation.

The drawn image, unless obscenely complex, would be very prone to visual snooping, since I assume it is being displayed on the user's terminal as it's entered. It would also leave people like myself with absolutely no drawing talent to either a) be unable to reproduce the image I drew the first time or b) use something so simple anyone can do it (did someone say smiley face?).

I fail to see how adding a 4th click to the image helps security. It actually makes it easier to defeat in a brute force hack attempt (4 chances to get 3 proper clicks).

Besides, how am I going to write down where I clicked the image on a post-it so I can stick it on my monitor? :)

--
PHP General Mailing List (http://www.php.net/)
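
The "4 chances to get 3 proper clicks" point can be put into numbers. The following is an added example, not part of the original message: it computes the odds that one blind guess passes the 3-of-3 scheme versus the 3-of-4 variant. Assumptions: click order does not matter, the image is split into disjoint tolerance squares, the guesser picks distinct squares uniformly at random, and the 400x300 image with a 10 px tolerance is a constructed sample.

```python
from fractions import Fraction
from itertools import combinations
from math import comb, log2

def grid_cells(width: int, height: int, tolerance: int) -> int:
    """Disjoint tolerance squares (side 2*tolerance px) that fit in the image."""
    side = 2 * tolerance
    return (width // side) * (height // side)

def guess_success(cells: int, secret: int, clicks: int) -> Fraction:
    """Chance that `clicks` distinct random cells cover all `secret` enrolled cells."""
    if not secret <= clicks <= cells:
        return Fraction(0)
    # Winning guesses contain every enrolled cell plus any (clicks - secret) others.
    return Fraction(comb(cells - secret, clicks - secret), comb(cells, clicks))

def guess_success_enumerated(cells: int, secret: int, clicks: int) -> Fraction:
    """Same figure by exhaustive enumeration (small grids only), as a cross-check."""
    enrolled = set(range(secret))  # by symmetry, which cells are enrolled is irrelevant
    guesses = list(combinations(range(cells), clicks))
    wins = sum(1 for g in guesses if enrolled <= set(g))
    return Fraction(wins, len(guesses))

def compare(width: int, height: int, tolerance: int) -> dict:
    """Blind-guess odds for 3-of-3 versus the 3-of-4 variant with a decoy click."""
    cells = grid_cells(width, height, tolerance)
    strict = guess_success(cells, 3, 3)
    decoy = guess_success(cells, 3, 4)
    return {
        "cells": cells,
        "strict": strict,                      # all 3 clicks must match
        "decoy": decoy,                        # any 3 of 4 clicks may match
        "ratio": decoy / strict,               # how much easier the decoy variant is
        "bits_strict": -log2(float(strict)),   # guessing entropy, in bits
        "bits_decoy": -log2(float(decoy)),
    }

if __name__ == "__main__":
    # Constructed sample: 400x300 px image, clicks accepted within 10 px.
    for key, value in compare(400, 300, 10).items():
        print(f"{key}: {value}")
```

Under these assumptions the extra click makes a blind guess exactly four times more likely to succeed (two bits less guessing entropy) at any grid size, because each 4-click guess contains C(4,3) = 4 candidate triples.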