Why to pass on passfaces – OpenID security

Some people are concerned on OpenID security and the possibility of phising. Some people are giving solutions to it, and while I?m not trying to be the one that’s not part of the solution, this is just crazy: http://blog.passfaces.com/?p=23

If you go there you can see that passfaces is trying to implement a security system based on our ability to recognize faces. While it might seem like a good idea at first, doesn’t seem to be if you take a closer look by using their demo. You have to be “trained” to recognize the faces, basically, see a photo several times and learn to find it among other photos of faces.

To ask people to “train” in order to be secure is by far more utopic than asking them to have secure passwords, change password every X months and to have different passwords for different site.

While passfaces might be a good idea, it is just not practical. I don’t think they will gain many users for the service.

Advertisements

Leave a comment

Filed under openid, security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s