Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Security Skins: Single Sign-On with Images 169

Appol writes "Berkeley researchers propose a Mozilla extension to stop phishing. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites. They also use uniquely generated visual hashes to "skin" trusted windows and webpages, which is harder to spoof than the SSL lock icon. To verify that the skin is legit, the user has to compare two images, which is easier for novices than verifying a certificate."
This discussion has been archived. No new comments can be posted.

Security Skins: Single Sign-On with Images

Comments Filter:
  • Finally (Score:5, Funny)

    by nizo ( 81281 ) * on Thursday May 26, 2005 @01:42PM (#12647005) Homepage Journal
    I knew a non-evil use for the goatse image would be found eventually. I might as well use that image, since it is burned into my brain forever anyway. Plus it has the added advantage of punishing shoulder surfers.
  • by ajiva ( 156759 ) on Thursday May 26, 2005 @01:42PM (#12647014)
    So we just have to visually confirm that Natalie Portman is hot? That's easy!
  • by Capt'n Hector ( 650760 ) on Thursday May 26, 2005 @01:43PM (#12647019)
    Because when a webpage is spoofed, the skin will make it look like the gates of hell, and when it's legit, you see a kitten frolicking in a meadow.
  • by MrAnnoyanceToYou ( 654053 ) <dylan.dylanbrams@com> on Thursday May 26, 2005 @01:43PM (#12647028) Homepage Journal
    Graduate School at UC Berkeley : 100,00$
    Summer spent researching anti-spyware : 1,000$ after grants
    Doing the world a favor : 0$ in debt
    Getting publicity for doing the world a favor among those who care : See Below
    Having your .8 MB file downloaded 100,000 times in the course of twenty minutes, taxing your web server extensively because you set it up there as a PDF, making you look like mildly silly because you're DOING INTERNET RESEARCH : Priceless, except for the bandwidth.

    That said, it's quite an interesting approach. The notification style for a hash is quite an interesting idea.
    • Hash.....

      (the "corned beef" version, not the "hippy crack" version)

    • PDF docs (Score:2, Offtopic)

      I don't understand why so many places use PDF when it is not that hard to write the HTML to make a document look as nice. HTML is universal, anyone can read it. PDF takes the adobe reader. On older systems, the adobe reader gets to be very slow, not just when opening a document, but when booting a system.

      I'd like to see an alternative next to the PDF download, a basic HTML version, or plain text. PDF is not as bad as flash, but I hate it when a website only has information in one format, and the format is

      • Re:PDF docs (Score:3, Insightful)

        by porcupine8 ( 816071 )
        I don't understand why so many places use PDF when it is not that hard to write the HTML to make a document look as nice.

        Of course, if you've already written the paper, it takes minimal effort to print/export it to PDF, whereas if you export to HTML you have to do all kinds of double-checking to make sure it's formatted correctly, and probably have to mess with the code some.

        Plus, if you really are running that slow a system, it's possible whatever HTML they use *won't* quite be so universal. If you'r

      • I don't understand why so many places use PDF

        PDF sucks, but PDF and HTML are for *completely* different purposes. PDF is a *layout* format, its designed to fix high quality output to exact dimensions for printing.

        HTML is a markup language meant to make low quality output accessable on a variety of platforms, formats.

        • Yeah, HTML just does not guarantee consistent viewing in the way that a PDF does. I've done web design work in coordination with graphic designers, and I would've payed almost any amount of money to get them to understand that.
    • What is that troll term that's applicable here? You fail it? The whole point of the mastercard commercials is short, concise statements with prices and no extraneous qualifiers. Your complete lack of creativity has managed to take a slightly amusing joke, beat it to death, tie it to the bumper of a pickup truck, and drag it through the depths of unfunny. You fail it.
      • And yet it's marked at +4 funny, -2 for 1 offtopic mod. Maybe it's your sense of humor that isn't subtle enough to see all sides of the joke?
        • That "joke" is about as subtle as a four foot steel dildo upside the head. The fact that a couple of people marked it funny does not automatically define it as funny. The fact that the moderation system around here is so fucked up further undermines the validity of your "its +4, it MUST be funny" argument. The joke sucks, plain and simple.
  • I guess if you're reading this, it's likley too late, but TFA is a pdf...
  • by Anonymous Coward
    ...whether Passport or some open-source solution. The task of typing some stuff into a form field is not so onerous we need a complicated solution for a non-problem. Most browsers support various ways to locally remember form fields that take care of these problems simply. And this wont stop phishing.
  • by dshaw858 ( 828072 ) on Thursday May 26, 2005 @01:44PM (#12647043) Homepage Journal
    Isn't this a lot like Netcraft's new Anti-Phishing plugin? I'm glad that all these people are finally taking initiative against phishers, even though it's almost definitely due to the heightened media attention that phishing is currently getting.

    In practice though, I think the only way this would really work is if it's shipped by default in Firefox. The peoplen that would install this anti-phishing plugin aren't usually the people that would get tricked by phishing scams anyway.

    - dshaw

    Note: This is all IMO; and yes, I understand that some scams are so realistic that anyone could get caught in their webs.
  • when Netcraft [] just released their anti-phishing plugin for firefox ;)
  • No to discriminate (Score:5, Insightful)

    by a3217055 ( 768293 ) on Thursday May 26, 2005 @01:45PM (#12647054)
    There are people who are blind what do they do ? Stare at the screen hoping there eye sight comes back?

    Not a good over all solution, you need a seperate medium/channel to display such pictures.
    • by Council ( 514577 ) <[rmunroe] [at] []> on Thursday May 26, 2005 @01:51PM (#12647132) Homepage
      There are people who are blind what do they do ? Stare at the screen hoping there eye sight comes back?

      Not a good over all solution, you need a seperate medium/channel to display such pictures.
      Don't be silly. The not-too-large group of blind heavy computer users (a group including two of my friends) has to develop seperate tools for this stuff, such as screen readers [] (if you want Linux tools, there are plenty) and the like. "You need a seperate medium/channel to display such pictures" . . . sounds kind of silly. A non-visual channel for displaying pictures? These pictures are useful only because they make use of the human visual processing center. Blind people will verify certificates with separate software tools piled on top of this. No more convenient than the current system for them, unfortuantely, but they're used to working around this kind of thing.

      Summary: The visual system is only useful because it's easy for people with sight to verify. Blind people will use separate tools, as they always have. Your objections don't seem to make that much sense.
    • You comment makes me wonder whether visually impaired users are more or less vunerable to phishing/spoofing/etc? Do text-to-speach engines read the URL or the text for links?

      Also (and somewhat related) I wonder how popular online banking is with the blind. I personally think I would prefer phone banking to internet, but my vision if fine so it is just a guess.

      Sometimes I forget how much I take for granted.

    • by Anonymous Coward
      Fucking typical Liberal-speak. C'mon, the MAJORITY of users have their sight, so let's come up with a solution that works for the majority and THEN work on one to handle the minority. We'll be all old and grey if wi wait for a bulletproof solution that works for everyone. ('course, by then, my eyesight will probably be failing, so I'll give a shit then...)
    • There are people who are blind what do they do?

      Use this [] for their image?

    • If you really believed this, you would throw your monitor in the dumpster. If it's a nice one I'll give you five bucks for it.
    • by NieKinNL ( 690492 )
      Or people who are in other ways visually impaired, like beeing blind completely.

      They always depend on the soft- and hardware that was built to aid them in using computers. I know there are braille boards on wich they can "read" plain text. With the right software this can (and probably is) be used to get quite far with computer use.

      I think for such handicaps, it would be easier and much more flexibel to use text as a visual confirmation in stead of images. This way it is much easier to make the software c
    • by Steffan ( 126616 )
      I imagine it would be fairly trivial to modify this scheme to use a generated sound or audio clip instead of an image. People are probably not as good at distinguishing different sounds, but I'm sure the ability is more than adequate for this scenario.

  • Finally...something even I can remember. The question is, will my wife mind if I have some hot mama as the picture I want to us. Perhaps Asia Carrera.
    • Re:This rocks.... (Score:3, Insightful)

      by nizo ( 81281 ) *
      Using an SO would be a bad idea; if you ever break up just think about how dumb you would feel if you ever find another significant other (sort of like an online version of the embarassing tattoo). Better to pick a cute puppy or something like that instead.
  • ... which is why it will never catch on (although I hope it does).

    • ... that was put together with a toy computer, a MAC. Therefore, its only good for graphics, and not real business work. This is because MAC software can't run on Windows, which is cheaper and has two button mice.

      /every rant against using Macs for solutions to problems that would be best solved using Macs

  • Anyone computer-savvy enough to be using firefox, downloading addons, making pet names, and then remembering to check won't be caught by a pisher anyway... Having said that, it would help anyone who has an FNG (friendly neighbourhood geek) to install. Which is pretty likely, this is slashdot.
  • by Anonymous Coward on Thursday May 26, 2005 @01:46PM (#12647078)
    I've always used the same password, "pa55w0rd", so this part is easy.

    Whoops, did I say that out loud? Good thing I didn't mention that my image is a kitten.

    Oh shoot...
  • What about cost? (Score:4, Interesting)

    by The Woodworker ( 723841 ) on Thursday May 26, 2005 @01:50PM (#12647118) Homepage
    SSL certificates are pretty expensive for someone setting up a secure hobby website. You can go the route of FreeSSL, or generate your own, but this gives browser warnings/errors. I'm wondering how much this method would cost if you got it from GeoTrust/Thawte/etc. and what the lifetime of that would be (good for a year, two years, etc.)?

    As a side note, after 8 years of tech support, I find users trust what their browsers trust, and as long as people use browsers like IE and just click on email links, nothing will be secure at the users end.
  • Good idea (Score:2, Insightful)

    That sounds like a good idea. However, it may be like asking the average citizen to spot counterfiet money. And after a few times of being asked to compere images, the user may get annoyed and every time afterward, they will just confirm everything to get done quickly.
  • infected computer (Score:4, Insightful)

    by tacroy ( 813477 ) on Thursday May 26, 2005 @02:03PM (#12647266)
    I skimmed the article, and I noticed the adware section, but it didnt really answer my question: If the secure aspect is the local picture and the local picture needs to be pulled from the local machine by the page then what is to stop an adware program from grabbing that api and using the secure picture on a insecure site?
    • What's required in this case is limiting what a web site can do with the UI. There has to be something that only the browser can do which is still obvious to the user; there has to be some part of the browser chrome that cannot be duplicated, and it has to be something that's close to the point of attention.

      Unfortunately, the trend has been to allow the server to do ANYTHING to the user's browser. Pop-ups are the oldest and most ubiquitous I can think of(especially vile on-window-close pop-ups), though oth
    • I think these techniques are designed to mitigate phishing scams that trick users into releasing information based on the perceived trustworthyness of an internet site.

      If malware or spyware is installed on your computer, then yes this won't stop it. Then again, this malware can just keylog your password or do whatever else it wants. The point is that if your OS (or even just your browser) is compromised, then your online security is compromised. The only way to prevent this is to have a secure browser and
  • is that banks and credit issues have lost over 1.2 billion dollars in 2003, according to TFA, yet they are not the ones actively pursuing something that would help protect their users from this sort of fraud. I think it's great that someone is doing something about this issue for the general public.
    • I think that figure may be like the RIAA figures of loss. Also, this loss may include money that Visa/Mastercard collected from a merchant in a fraudulent transaction where the merchant was the one getting screwwe.
    • They are working on improvements, but many of their ideas never hit the mainstream simply because it's hard to sell - grandma doesn't want to have a long password, extra key, or anything like that.

      It's also because no matter what you produce, there are a lot of weaknesses - like using an image when you're blind.

      I saw two fradulent charges on my card last year - and they were resolved within a day or two of my reporting them. Unfortunately, I doubt they can do much against international fraud, given that t
  • Have you ever played one of those games in a bar where you have to touch the area of the screen where the picture (usually of a scantily--if at all--clad woman) is different from the picture beside it? Even with practice it can be hard to do quickly and accurately if the diferences are minor.

    Didn't rtfa, can't rtfa becasue tfa a fpdf.
  • md5 style too? (Score:3, Interesting)

    by kebes ( 861706 ) on Thursday May 26, 2005 @02:16PM (#12647396) Journal
    I've often thought that a similar thing should exist for md5 hashes and a whole slew of authentication schemes. The actual hash number can be transformed into an "abstract art" image via a combinatorial algorithm. The image could be some overlapping strange-looking lines and shapes, with the exact shapes, colors, and so on all based on the hash. Even a small change in the hash or authentication code would lead to a very big difference in the final image.

    So when you download a file, they show you a picture of the expected visual-hash. When the file finishes, you take a quick look at the visual-hash your computer just generated, and see if they match.

    Similarly for all secure websites and key exchanges. When you SSH into a server, why not show an image (or ASCII art if you prefer) based on its unique key? I think anti-phishing is just one of many usese for this kind of technology.
    • I don't see how this is any different than comparing two strings, except that you are creating an unnecessary oppurtunity for user error.

      Any image can be converted into a string (concatinating the RGB values of each pixel of the image). Comparing two strings is an exact science, while having a user visually compare two pictures is considerably more dangerous. If the application converts the expected and resultant pictures to strings, and then compares them, the result is exact. Obviously, you could then re
      • You're right in most cases. Why have a human compare the two when the computer could just compare them more accurately?

        But sometimes a user is put in a situation where they must judge whether something is secure and/or authentic.

        For instance, if I'm logging into a server from a terminal I've never used before, I want some way to verify that the server I've contacted is the real deal. As described in TFA, an exchange could occur, with a visual image being generated based on the exchange. If the visual imag
    • Pardon me for replying to my own post, but I found some references on what I'm talking about. One project is called visual IDs, where they generate random art for every icon in a filesystem, thereby making it easier to find files, based on their look rather than based on harder-to-remember filenames. Go here for more info. []

      Another one is a paper [] (reference 31 in TFA) that discusses hash visualization, i.e. generating random visual images based on unique strings/numbers/hashes.

      I think there is alot of
      • My vaporware email client displays messages with visually distuinguishing marks. Imagine a zoomed out view with a rectangle representing each email. Many things could be varied such as position of the rectangle, color, border color, border style, shape, size, and many more. A clever email client could make it easy to identify messages at a glance. All messages from "bob" could have a few features always the same, so new messages from "bob" could be easily spotted. All messages from the "foobar" mailing

  • This is vaguely related to how Lotus Notes used to use changing hieroglyphics to prevent spoofing of dialog boxes. []
  • I think it would make sense for a browser like Safari to default to a "Aqua" skin and then switch to a "Metal" skin on a secure site.

    I don't hate brushed metal but I am frustrated by the seemingly arbitrary application of it.
  • One side effect of the scheme they are proposing is much lower portability of authentication data.

    A username / password to connect to a website can be used from any browser that can connect to the website.

    But using a salted hash like the SRP scheme they are talking about would require you either creating a new account from each browser you wanted to use, or moving the existing salt to each browser. Otherwise it wouldn't generate a matching hash, and would fail to verify.
    And creating multiple sets of auth
  • Losing your password to a phisher is a complete impossibility if you use a tool to auto-generate your passwords based on the domain name and a master password. PasswordMaker [] is my favorite for Firefox; there are others too. To me this approach is far preferable to keeping a password-protected vault of passwords, because you don't have to carry the vault around with you.

    It's more secure, too. Software isn't fooled by Unicode character set spoofing -- two Unicode characters may render to the same glyph in a

  • Stop Phishing? (Score:3, Insightful)

    by protolith ( 619345 ) on Thursday May 26, 2005 @04:05PM (#12648408)
    Dear valued ebay customer,

    You may be aware of a new technology to synch a picture with a web page to ensure it is legitimate, please click this link to download an executable to synch the picture you selected with our server to better provide you with secure transactions.

    Anyone that sees this as a phishing scam, doesn't need this technology, Anyone that does need this technology is just as likely to fall for this.
  • This a copy of the posted pdf. I have only added line breaks to attempt to make it readable as a non-pdf doc. I also deleted a few footnotes on page 1 or 2. [slashdotfiltercruf] The error messages I have encountered while trying to post the document include but are not limited to " Your comment has too few characters per line (currently 39.4)", "No discussion or comments found for this request. To create your own discussion, please use journals." (happened when I tried to post the whole article), and sim
  • Berkeley researchers propose a Mozilla extension to stop phishing. They claim that users only need to remember one password and one image for their lifetime to securely log in to any number of sites.

    I just thought I would share how I would implement a very simple unified password system on the web without any risk of your password being stolen, either by dodgy webmasters or by man in the middle attack. I have no idea if it is original but seems near flawless to me and I'm going to implement it on my sit

    • I'm with you until this bit:

      But what the hell - send them all new ones by e-mail.

      If the site changed domain the user would have to re-register, or at least visit the site and provide a new hash, I don't see any way around that.

      The other thing, of course, is that this relies on user co-operation to install new software, and also implies complete trust in that software. If you're going to force people to install new software, why not just use personal certificates? You also missed a vulnerability - the
      • Yes you have hit all the major faults right on the head. However let's see if i can point out why they aren't so bad

        Change of uri/domain -

        A fairly uncommon event for most well established websites (obviously not torrent sites :P) and this could be taken into account by keeping both domains/uri's live long enough for users to transfer their account across somehow. Maybe indicating a move and asking the user to accept it, in which case it simply uses the old and new domain string sequentially to accomplish
  • Maybe I didn't read the paper closely enough (I do have work to do) but it seems that this does a few things:

    1. Instead of showing a little lock icon when you connected securely and the certificate was OK, it displays an abstract pattern across your entire browser window.

    How does this prevent phishing attacks? If a user goes to URL and the certificate is for, then you'll get the OK image. All that has to do is figure out a way to get that certificate signe
  • Acutrust [] is a much better approach to the problem. It uses an encrypted image to prove the site is authentic. The unique thing about this product is that is does not require the user-base to install any special software.

    Acutrust FAQ faq/ []
  • Finally, all those years of looking to find six differences between the pictures will pay off!

    It's like a dream finally come true!

    - Zarq

Adding features does not necessarily increase functionality -- it just makes the manuals thicker.