Today's keynote presentation session at the Web 2.0 Expo kicked off with the Launch Pad event. New companies, hand-picked by the conference organizers, are given five minutes each to demonstrate their products and ideas.
Vidoop's Luke Sontag stole the show with his demo of his company's secure website login technology. The Vidoop system is innovative but simple. When a user sets up a Vidoop login (using OpenID if they want), they pick two categories that interest them. Say, "horses and food" or "airplanes and beer." Every time the user logs in using Vidoop, they see a grid filled with nine images, and each image has a letter associated with it. Two of the images fall within the categories the user picked, so they find those category images and enter the letters in the images. The letters associated with each photo change at each login, defeating keystroke logging.
Human-level cognition is needed to recognize the grid, says Sontag, making the login more secure than just an OpenID or a standard login. It's sort of like a personalized CAPTCHA that only you can solve. Also, since the user can't even see the grid unless they have a Vidoop software token (downloaded when they sign up) on their hard drive.
Sontag calls the Vidoop system "the new vault," in reference to the shift in technology that happened in the Wild West's gold rush days. When banks started using sliding bolt combination locks, robberies and thefts decreased. Banks with the more vulnerable lock-and-key vaults were targeted more often. His implication – that sites without Vidoop are more vulnerable to attack than sites with other secure login methods – is possibly a little condescending. But the Vidoop system does add another layer of security to standard OpenID systems, and it should be judged on its performance within that context.
If you want to see a demo of how this works, Vidoop supplies an uneccessarily huge 12-minute, 155MB QuickTime video on its website.
