Vidoop: Monetizing Information Security
By Daniel Miessler on March 29th, 2008: Tagged as Information Security

I’m excited about a certain type of security product, or at least the idea of such a type of product. This product type does two things:
- Offers the same or higher level of security to the user.
- Offers that security while being easier, more transparent, or less annoying to use.
One product in this space that I’ve talked about before is BioPassword, which offers two-factor authentication based on typing characteristics. So the user thinks they’re using only one factor — the password they know — but in fact they’re uniquely identifying themselves as well, giving us the “something you are” bit.
Vidoop
The latest one I’ve seen is Vidoop. Vidoop allows users to forgo static passwords and construct a one-time password (OTP) by recognizing images from pre-selected categories. So below I am being prompted to enter credentials by Vidoop.

Let’s say my categories (defined during account creation) are cars, dogs, and flowers. My password would then be LPK. We get a few things from this:
- No passwords to remember.
- Protection from keylogging since passwords are only good once.
- A visually appealing, engaging login procedure.
The unique thing about this system is that there’s a monetization element. As you can see with the screenshot, there’s a series of images. What Vidoop is doing is allowing advertisers to do product placements within the categories. So the “car” might be a Ford Mustang, for example. And Vidoop is sharing that ad revenue with those who implement the solution.
Very innovative.
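To make the login flow concrete, here is an added sketch of how a server could issue and check such an image-category code; it is not Vidoop's code. The category names, the 12-image grid, and the `Login` and `guess_probability` names are assumptions, and the order-optional mode follows the option a Vidoop employee describes in the comments on this post.

```python
import hmac
import secrets
import string
from math import comb, perm

# Constructed sample data: category names and the 12-image grid are assumptions.
GRID = ["cars", "dogs", "flowers", "boats", "food", "planes",
        "trees", "clocks", "keys", "cats", "shoes", "books"]
_rng = secrets.SystemRandom()

def new_challenge(grid=GRID):
    """Map each category's image to a fresh random letter for one login."""
    letters = _rng.sample(list(string.ascii_uppercase), len(grid))
    return dict(zip(grid, letters))

class Login:
    """One login attempt; the challenge is consumed by the first response."""
    def __init__(self, user_categories, ordered=True, challenge=None):
        self.user_categories = user_categories
        self.ordered = ordered
        self.challenge = challenge or new_challenge()

    def verify(self, response):
        challenge, self.challenge = self.challenge, None  # single use
        if challenge is None:
            return False  # replayed code, e.g. one captured by a keylogger
        want = "".join(challenge[c] for c in self.user_categories)
        got = response.strip().upper()
        if not self.ordered:  # order-optional mode: compare sorted letters
            want, got = "".join(sorted(want)), "".join(sorted(got))
        return hmac.compare_digest(want.encode(), got.encode())

def guess_probability(grid_size, k, ordered=True):
    """Chance that one blind guess of k distinct letters is accepted."""
    return 1 / (perm(grid_size, k) if ordered else comb(grid_size, k))

if __name__ == "__main__":
    # Constructed challenge reproducing the post's example code "LPK".
    fixed = {"cars": "L", "dogs": "P", "flowers": "K", "boats": "A"}
    session = Login(["cars", "dogs", "flowers"], challenge=fixed)
    print(session.verify("LPK"), session.verify("LPK"))  # second is a replay
    print(guess_probability(12, 3), guess_probability(12, 3, ordered=False))
```

With these assumed sizes a blind guess succeeds about once in 1,320 tries with ordering and once in 220 without, so a deployment of this kind depends on attempt limits and lockout rather than on the size of the code space.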
Downsides
There is a downside, however (there almost always is). There are many users who will be too dim to use the product. They’ll either forget their categories or be unable to pick out the proper letters and put them in order. The question is simply one of how much security we’re getting vs. how advanced the user base is (i.e. how much it’ll impede business and cause complaints).
Conclusion
Overall I think it’s a really interesting technology. Ultimately it’ll reduce to how easy it is to implement. Many products are awesome in the demo and are a nightmare to get into production. Either way, it’s an exciting idea and I look forward to seeing how it does.
--

it reminds me of a similar process in 1995’s “johnny mnemonic”? (i wonder if it was in the original William Gibson short story.)
http://en.wikipedia.org/wiki/Vidoop
-=T=-
Comment by TIMM — 3/29/2008 @ 3:46 pm
Hi Daniel. Thanks for writing on Vidoop. I work at Vidoop and wanted to mention that on most implementations (including our myVidoop.com), users may choose whether or not they want to require their codes to be entered in order. That lowers the bar for those who can recall the categories but not the sequence. We also provide user self-reset (using your phone) to allow users to reset any forgotten credentials without waiting to go through a customer service phone bank. Thanks again for the mention. –Mitch
Comment by Mitch — 3/30/2008 @ 1:28 am