Vidoop
From Wikipedia, the free encyclopedia
This article may not meet the general notability guideline or one of the following specific guidelines for inclusion on Wikipedia: Biographies, Books, Companies, Fiction, Music, Neologisms, Numbers, Web content, or several proposals for new guidelines. If you are familiar with the subject matter, please expand or rewrite the article to establish its notability. The best way to address this concern is to reference published, third-party sources about the subject. If notability cannot be established, the article is more likely to be considered for redirection, merge or ultimately deletion, per Wikipedia:Guide to deletion. This article has been tagged since December 2007. |
Vidoop LLC | |
---|---|
Type | Private |
Founded | 2006 |
Headquarters | Tulsa, Oklahoma, USA |
Industry | Computer Security |
Products | Vidoop Secure, myVidoop.com |
Employees | 26 |
Website | www.vidoop.com |
Vidoop LLC is a privately-held company based in Tulsa, Oklahoma. Its flagship product is Vidoop Secure, a login solution designed to function without traditional passwords, which Vidoop claims is resistant to brute force, keystroke logging, phishing, and some man-in-the-middle attacks.[1]
Contents |
[edit] Founding and Launch
Vidoop was founded in 2005. As of March 2006 it had 10 employees and would initially reveal only that it was developing a novel login solution that hides an access code in plain sight. After over a year of secretive development and testing, the company launched its product, Vidoop Secure, at the Web 2.0 Expo in San Francisco, California on 2007-04-17. Luke Sontag, a co-founder, gave a presentation at the expo demonstrating the technology and further announced that an unnamed Fortune 500 company would be replacing its login system with Vidoop by July 2007. [2]
[edit] Products
Vidoop's core technology is the Vidoop Dynamic Image Grid, a login tool that powers Vidoop Secure and thus myVidoop.com. The company also sells advertising space, allowing a company to place its products as images in the grid. There are currently two multi-national advertisers: Smart USA (a division of Daimler) and ConocoPhillips (Phillips66, Conoco, and 76 brand gas stations). One regional advertiser: Mazzio's. And one local advertiser: Jackie Cooper Imports (A local Tulsa, OK auto dealer). [3]
[edit] Vidoop Secure
Vidoop Secure is a user login technology based on categorized images. When a user enrolls in a system implementing the technology, he chooses from several categories of images (such as airplanes, cars, or keys).[4] Furthermore, the user's computer is "activated" with a cookie, which is only provided upon the user's confirmation of a code transmitted either by email or by phone via voice or text message. At the time of login, if the cookie is found, a grid of images is displayed that includes pictures belonging to the user's chosen categories. The user selects these images by typing the randomized letter associated with each of his images, forming his access code.[5]
[edit] myVidoop.com
myVidoop.com is an OpenID provider run by Vidoop and powered by Vidoop Secure. As an OpenID provider, myVidoop.com is part of the movement that aims to provide a decentralized framework for a web single sign-on.
[edit] Criticisms
Vidoop has met with criticism regarding the claims of their technology's resistance to hacking. For example, researchers at CommerceNet have described a possible attack,[6] and also published a video of a man-in-the-middle attack executed against myVidoop.com, both on the CommerceNet weblog.
Additionally, questions have been raised about the accessibility of Vidoop Secure to those with visual impairments.[7][8]
Vidoop's authentication scheme essentially consists of a very short secret and a "pre-authorization" cookie. A users' shared secret is a set of 3-5 categories out of a possible 12, which is only 8-10 bits of entropy. Vidoop allows users to enter in their categories in at least two possible orders, reducing the effective secret by a bit. An attacker in possession of the pre-authorization cookie could guess 1-2% of passwords in the three given trials.
Guessing Vidoop passwords is not necessary, since an attacker could just as easily scrape the user's input and correlate it with an image corpus.
[edit] References
- ^ Vidoop.com: Vidoop Secure Resistance to Attack. Vidoop LLC. Retrieved on 2008-01-29.
- ^ Evatt, Robert (2007-04-18), “Access Granted”, Tulsa World: E1, <http://www.tulsaworld.com/business/article.aspx?articleID=070418_238_E1_hTuls34656>
- ^ Vidoop.com: Sponsors. Vidoop LLC. Retrieved on 2007-05-15.
- ^ Forbes Business Wire (2007-04-07). "Goodbye Passwords. Vidoop Debuts New Authentication Technology at Web 2.0 Expo". Press release. Retrieved on 2007-05-15.
- ^ How It Works [Flash]. Vidoop LLC.
- ^ Dhamija, Rachna (2007-05-07). Attacks on Vidoop Authentication (Blog). The New Economy. CommerceNet. Retrieved on 2007-05-15.
- ^ Vidoop: Hack Proof Log In? (Blog). Soxiam Wiki (2007-05-09). Retrieved on 2007-05-15.
- ^ Vidoop (Blog). ha.ckers (2007-04-18). Retrieved on 2007-05-15.