Vidoop
Encyclopedia
Vidoop LLC is a privately-held company based in Portland, Oregon
. Its flagship product is Vidoop Secure, a login solution designed to function without traditional passwords, which Vidoop claims is resistant to brute force
, keystroke logging
, phishing
, and some man-in-the-middle attacks. On 30 May 2009, Vidoop announced that it was going out of business.
. As of March 2006 it had 4 employees and would initially reveal only that it was developing a novel login solution that hides an access code in plain sight. After over a year of secretive development and testing, the company launched its product, Vidoop Secure, at the Web 2.0 Expo in San Francisco, California
on 2007-04-17. Luke Sontag, a co-founder, gave a presentation at the expo demonstrating the technology and further announced that an unnamed Fortune 500 company would be replacing its login system with Vidoop by July 2007.
(Phillips66, Conoco, and 76 brand gas stations). One regional advertiser: Mazzio's
. And one local advertiser: Jackie Cooper Imports (A local Tulsa, OK auto dealer).
, or keys
). Furthermore, the user's computer is "activated" with a cookie, which is only provided upon the user's confirmation of a code transmitted either by email
or by phone via voice or text message. At the time of login, if the cookie is found, a grid of images is displayed that includes pictures belonging to the user's chosen categories. The user selects these images by typing the randomized letter associated with each of his images, forming his access code.
provider run by Vidoop and powered by Vidoop Secure. As an OpenID provider, myVidoop.com is part of the movement that aims to provide a decentralized framework for a web single sign-on.
have described a possible attack, and also published a video of a man-in-the-middle attack executed against myVidoop.com, both on the CommerceNet weblog.
Additionally, questions have been raised about the accessibility of Vidoop Secure to those with visual impairments.
Vidoop's authentication scheme essentially consists of a very short secret and a "pre-authorization" cookie. A users' shared secret is a set of 3-5 categories out of a possible 12, which is only 8-10 bits of entropy. Vidoop allows users to enter in their categories in at least two possible orders, reducing the effective secret by a bit. An attacker in possession of the pre-authorization cookie could guess 1-2% of passwords in the three given trials.
Portland, Oregon
Portland is a city located in the Pacific Northwest, near the confluence of the Willamette and Columbia rivers in the U.S. state of Oregon. As of the 2010 Census, it had a population of 583,776, making it the 29th most populous city in the United States...
. Its flagship product is Vidoop Secure, a login solution designed to function without traditional passwords, which Vidoop claims is resistant to brute force
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
, keystroke logging
Keystroke logging
Keystroke logging is the action of tracking the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored...
, phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
, and some man-in-the-middle attacks. On 30 May 2009, Vidoop announced that it was going out of business.
Founding and Launch
Vidoop was founded in 2006 in Tulsa, OklahomaTulsa, Oklahoma
Tulsa is the second-largest city in the state of Oklahoma and 46th-largest city in the United States. With a population of 391,906 as of the 2010 census, it is the principal municipality of the Tulsa Metropolitan Area, a region with 937,478 residents in the MSA and 988,454 in the CSA. Tulsa's...
. As of March 2006 it had 4 employees and would initially reveal only that it was developing a novel login solution that hides an access code in plain sight. After over a year of secretive development and testing, the company launched its product, Vidoop Secure, at the Web 2.0 Expo in San Francisco, California
San Francisco, California
San Francisco , officially the City and County of San Francisco, is the financial, cultural, and transportation center of the San Francisco Bay Area, a region of 7.15 million people which includes San Jose and Oakland...
on 2007-04-17. Luke Sontag, a co-founder, gave a presentation at the expo demonstrating the technology and further announced that an unnamed Fortune 500 company would be replacing its login system with Vidoop by July 2007.
Products
Vidoop's core technology is the Vidoop Dynamic Image Grid, a login tool that powers Vidoop Secure and thus myVidoop.com. The company also sells advertising space, allowing a company to place its products as images in the grid. There are currently two multi-national advertisers: Smart USA (a division of Daimler) and ConocoPhillipsConocoPhillips
ConocoPhillips Company is an American multinational energy corporation with its headquarters located in the Energy Corridor district of Houston, Texas in the United States...
(Phillips66, Conoco, and 76 brand gas stations). One regional advertiser: Mazzio's
Mazzio's
Mazzio's Corporation is the parent company of Mazzio's Italian Eatery and the former parent company of Zio's Italian Kitchen. In November 2007 Zio's Italian Kitchen was sold to a private company....
. And one local advertiser: Jackie Cooper Imports (A local Tulsa, OK auto dealer).
Vidoop Secure
Vidoop Secure is a user login technology based on categorized images. When a user enrolls in a system implementing the technology, he chooses from several categories of images (such as airplanes, carsCARS
Cars, or automobiles, motor cars, are wheeled motor vehicles used for transporting passengers.Cars or CARS may also refer to:-Entertainment:* Cars , a Disney/Pixar film series...
, or keys
Key (lock)
A key is an instrument that is used to operate a lock. A typical key consists of two parts: the blade, which slides into the keyway of the lock and distinguishes between different keys, and the bow, which is left protruding so that torque can be applied by the user. The blade is usually intended to...
). Furthermore, the user's computer is "activated" with a cookie, which is only provided upon the user's confirmation of a code transmitted either by email
Email
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
or by phone via voice or text message. At the time of login, if the cookie is found, a grid of images is displayed that includes pictures belonging to the user's chosen categories. The user selects these images by typing the randomized letter associated with each of his images, forming his access code.
myVidoop.com
myVidoop.com is an OpenIDOpenID
OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities...
provider run by Vidoop and powered by Vidoop Secure. As an OpenID provider, myVidoop.com is part of the movement that aims to provide a decentralized framework for a web single sign-on.
Criticisms
Vidoop has met with criticism regarding the claims of their technology's resistance to hacking. For example, researchers at CommerceNetCommerceNet
CommerceNet is a 5016 organization established in 1994 to promote electronic commerce on the Internet. The organisation initially focused on industry-wide research and programs that have advanced the commercial use of the Internet.-History:...
have described a possible attack, and also published a video of a man-in-the-middle attack executed against myVidoop.com, both on the CommerceNet weblog.
Additionally, questions have been raised about the accessibility of Vidoop Secure to those with visual impairments.
Vidoop's authentication scheme essentially consists of a very short secret and a "pre-authorization" cookie. A users' shared secret is a set of 3-5 categories out of a possible 12, which is only 8-10 bits of entropy. Vidoop allows users to enter in their categories in at least two possible orders, reducing the effective secret by a bit. An attacker in possession of the pre-authorization cookie could guess 1-2% of passwords in the three given trials.