Vidoop Wants To Eliminate Web Passwords, But Can Their Strategy Work?
December 12, 2007 |
Anyone who uses the internet on a regular basis has surely realized that the task of registering individual accounts at several different websites, and then remembering each of those user names and passwords can be quite a daunting task.
Although there are a few web services that offer password management (such as Clipperz and PasswordSafe) as well as desktop password management applications (KeePass and KeyWallet), Vidoop sees passwords as a weak point in online security, and is therefore aiming to completely abandon passwords in favor of their newly developed single login system which makes use of OpenID.
When signing up for myVidoop, users must simply choose a desired user name and nowhere on the service is a password requested. Instead, Vidoop's strategy requires memorization of anywhere from 3 to 5 secret categories, but is this really more secure than passwords and will it be easier or harder to remember than passwords?
After selecting a user name, myVidoop asks users to select 3-5 secret categories from the group of available choices. Each category is represented by an image with a random letter overlayed and is displayed in a random order on a twelve-square (3×4) grid (as seen in the image below). To log in after typing their user name, users must correctly identify the images of their chosen secret categories and input each of the letters corresponding to those images, in the order they appear on the grid, giving them the access code.
Sound confusing? Well, it is… and if that wasn't enough, it gets even more complicated when you realize that the images for each category are different every time you log in. After testing myVidoop for myself, I found that it took me longer to login to the single Vidoop account than it took to enter a password on typical services. But, I figure that it could possibly be worth the extra attention and time required for one login if it eliminates the need for any further login information on other sites.
Each myVidoop user is assigned an OpenID upon registering (username.myvidoop.com), and also receives a profile which keeps track of all recent login activity across all of a users registered sites. At sites that use the OpenID protocol users can simply login using the OpenID given them by Vidoop, but the service also works with sites that don't support its single sign-on system. A browser plug-in is also available that will ask if you want myVidoop to remember your user name and password when you log in at any website. After telling the plugin to remember a password, your information is then automatically filled in for you upon your next visit.
Another process that I found very tedious and monotonous, however, is activating access to your account from a new PC. For added security, myVidoop recognizes when a user is logging in from an unknown computer and requires access from the new PC be confirmed by entering an activation code that can be received via e-mail, SMS text message, or an automated phone call. If necessary, users may select a check box saying this is their PC, as well as assign it a name for future reference so that their account will recognize that computer the next time it is used. Those who use public computers frequently may find this feature too irritating to justify the use of myVidoop.
All in all, Vidoop has developed an innovative system, but when it comes down to it, users must either give up a little security and settle for passwords or opt for the added security of myVidoop and deal with the more time-consuming and unfriendly login process. For now, I think I will stick with passwords… at least until I find a better solution.
