Vidoop: The Safer OpenID
With all the Web 2.0 websites come more and more usernames and passwords to remember every time we register. I spoke of OpenID not too long ago and many have accepted them, not knowing what else is out there. OpenID is a creative solution to this growing problem but That is for sites that take OpenID logins, but most don’t.
There are desktop software solutions like Roboform (PC) or 1Passwd (Mac), but they will not help you when you’re away from your main computer, and they don’t stop hackers and other people from stealing your password when it’s transmitted to the site (Yet). What do you do?
Vidoop has come up with an appealing way to both the juggling password problem and the security problem with a solution that uses visual cues instead of passwords. They have taken their technology and now offer it in a free package they call MyVidoop.
MyVidoop is basically an OpenID provider, so if you already have OpenID, you are all set! Like I mentioned, most sites don’t support OpenID so MyVidoop offers a Firefox plugin (IE support promised) that lets you store your passwords either on MyVidoop’s servers or in an encrypted file on your computer. The plugin, when activated, will offer to auto-fill the site login fields when you visit the page again. It is pretty simple.
Logging in to MyVidoop uses a secure feature called “Vidoop Secure.” When you register, instead of picking a password you pick three visual categories that you keep secret and the registration process walks you through. The pictures change each time, so if “cars” is your category you probably won’t see the same car the next time.
I like the idea of Vidoop/MyVidoop and it shows some promise towards combining usernames and passwords we have to remember. It’s not perfect yet. Sometimes it can be difficult to make out whether or not the picture is in your category. I chose “Tech” and sometimes even that was difficult.
If you’re worried about someone snooping on you when you enter your passwords, or you like the idea of managing OpenID trusted sites, then MyVidoop is definitely worth considering. I think I’ll continue to use Roboform and 1Passwd though.
Gary Krall | Oct 25, 2007 | Reply
Users looking for alternatives to Vidoop’s image solution might also check out Verisign’s PiP product at: http://pip.verisiglabs.com.
Verisign provides second factor authentication for users of the Verisign supplied PayPal Security Key https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey-outside
where users of the key can bind it to their PiP account satisfying the requirement of something you know (your password) with something you have (the token).
Jim | Oct 25, 2007 | Reply
Yeah, doesn’t Verisign charge $5 bucks for their token? And who wants another dongle in their pocket?
My last company required tokens. BIG PITA (Pain In The A**)
David A Teare | Oct 27, 2007 | Reply
Vidoop looks pretty interesting. I also think OpenID solves a very important problem and think that someday everyone will support it (or its successor, whatever that may be).
It will take time, however, as everyone needs to cooperate and that’s not easy. Just look at spam; it is technically an easy problem to solve, but requires cooperation. Yahoo’s DomainKeys Identified Mail (DKIM) solution took 3 years to become a *proposal*
Re: accessing your passwords while on the road, the Sync to iPhone feature in 1Password will help a lot. Also, the upcoming my1Password web service will let you access your passwords from any modern web browser and an Internet connection.
Cheers!
–Dave Teare
Co-author of 1Password