Comments on: MyVidoop Tries to be Everything You Need for Login Security

By: Jason the Content Librarian » Blog Archive » Exploring OpenID and identity 2.0 resources

Wed, 10 Oct 2007 21:15:46 +0000

[...] a concept called OpenID. But I had never taken any concrete steps to learn more. But last week Web Worker Daily had a post about a very interesting new OpenID service, called Vidoop. Vidoop is an OpenID provider, so when [...]

By: Scott Blomquist » Blog Archive » The hard FAQs about Vidoop

Scott Blomquist » Blog Archive » The hard FAQs about Vidoop — Wed, 10 Oct 2007 05:36:52 +0000

[...] have been some good blog conversations lately about myVidoop.com and Vidoop Secure (over at Judi Sohn’s Web Worker Daily review of myVidoop, or Carleen Hawn’s write-up over at GigaOM for [...]

By: Wondering

Wondering — Tue, 09 Oct 2007 20:46:41 +0000

S.W.

You need to go back to school. How exactly does a password (no matter how complex) combat simple keystroke logging? automation? guessing?

-WONDERING what kind of security related authority you have especially since you sound like you are just hating.

By: S.W.

S.W. — Tue, 09 Oct 2007 07:48:35 +0000

@Judi

On an authorized computer, the login system is worthless and can be defeated by anyone in seconds. So, the whole hype about their image grid is complete bunk. They’re better off using a plain old password.

The entire security of the system relies on the “software token” (a.k.a. a cookie). Since this token is sitting on a drive and written by a user process, it’s vulnerable to being stolen malware. It’s disingenuous for them to be touting this as a protection against keyloggers when it’s just as easy for malware to grab the activation data.

By: Judi Sohn

Judi Sohn — Mon, 08 Oct 2007 22:14:35 +0000

@S.W. Perhaps, but you have to be sitting at a computer that MyVidoop has already authorized.

By: S.W.

S.W. — Mon, 08 Oct 2007 20:19:58 +0000

This login scheme can be defeated by an illiterate person clicking reload a few times. All they need to do is keep track of which image categories are consistently displayed. I broke my own password in 3 reloads.

This can be automated by scraping and classifying Vidoop’s image library.

By: Judi Sohn

Judi Sohn — Sun, 07 Oct 2007 10:51:56 +0000

Thanks, George. I don’t know why I didn’t notice that before.

I’m still enjoying MyVidoop, but one thing about the Firefox plugin is driving me crazy: The timeout is way too short. I can be reading a long article or writing an email, and MyVidoop will log me out. I understand that it can only monitor browser activity, so if I’m working in email or Word the plugin thinks I’ve left the computer. But the time has to be longer than it is.

By: links for 2007-10-06 « Zero influence

links for 2007-10-06 « Zero influence — Sat, 06 Oct 2007 00:38:32 +0000

[...] MyVidoop Tries to be Everything You Need for Login Security « Web Worker Daily Short review on Vidoop. I so love this platform. (tags: login authentication advertising transaction SSO Token) [...]

By: George Louthan

George Louthan — Fri, 05 Oct 2007 18:20:42 +0000

Thanks for the write-up! And, speaking as the person attached to the hand in that video, I always get a kick out of seeing that around.

One thing that I’d like to add is that, though only one username will autofill, changing it to a different saved account is just a matter of clicking the “username” field and selecting the one you want to use, if that makes sense.

Again, all this attention we’re getting is so exciting, and I want to thank everyone for being interested.

By: Scott Blomquist’s Online Identity, 2.0 » Blog Archive » Every week should be like this one!

Fri, 05 Oct 2007 03:53:14 +0000

[...] We’ve had a few good write-ups this week. Especially an article in Financial Week and a review of myVidoop in Web Worker Daily. [...]

By: tyler

tyler — Tue, 02 Oct 2007 01:58:37 +0000

rymes with poop?!

By: Carsten Pötter

Carsten Pötter — Mon, 01 Oct 2007 20:26:01 +0000

I haven’t tried MyVidoop yet, though it seems to have similar features (OpenID/password management) as Sxipper. BTW, there are two really good online password management services which should be interesting to people who don’t need an OpenID provider or who have one already: PassPack and Clipperz.

@Vincent404: Currently there is no way to port OpenID’s from one provider to another. Though if you have a blog or website you should consider delegation which means that your blog’s URL works as an OpenID while delegating the authentication process to an OpenID provider. This way you can always change the provider while using the same URL as an OpenID: your blog’s URL.
Some relying parties (=websites that let you log in with OpenID) let you associate multiple OpenID’s with your account. So it’s possible to use different OpenID’s for login.
Anyway don’ worry, MyOpenID is one of the best providers out there, IMHO.

By: Isaac Rabinovitch

Isaac Rabinovitch — Mon, 01 Oct 2007 19:55:40 +0000

There are desktop software solutions like Roboform (PC) or 1Passwd (Mac), but they won’t help you when you’re away from your main computer…

Roboform certainly can. You can get PDA apps (PalmOS and Windows CE) that store copies of all your logins.

By: FirefoxUser

FirefoxUser — Mon, 01 Oct 2007 19:23:19 +0000

There are many good Firefox add-ons for password management – and they work on Windows, Mac and Linux! One of them (iMacros) can even use social bookmarking services to store the passwords, so you can access them from every PC that has Firefox installed.
http://del.icio.us/imacros/imacro

By: vincent404

vincent404 — Mon, 01 Oct 2007 13:30:43 +0000

Wish I knew of this BEFORE I signed up with Myopenid. If anyone knows of a way to port one OpenId to another provider, let me know.