WebApp Sec mailing list archives

RE: Summary: Growing Bad Practice with Login Forms


From: "Mike Peppard" <mpeppard () impole com>
Date: Thu, 29 Jul 2004 09:30:56 -0400

Something like a database of unique graphics and you know you're 
secure if the site has hashed your password and chosen "your" graphic 
to put in the upper corner of every page?

This sort of solution would only help people who are already
conscientious.  How many people would want to go to the extra trouble
of establishing such an image and then remembering the images?

You make them, just like you make them use a PIN. I'm also talking about
higher security sites. Banks and the like. For a shopping cart at "Joe's
Internet automart" this makes no sense, but problems would be covered
under credit card insurance there.

I'm thinking about the procedure:
1) I go to your site and check ssl is on.
<Assumption is that "your site" is the site I really wanted to go to.>
2) I put in my private information.
3) You send me back a graphic.
<Assumption is that we are the only ones who know the graphic.>
4) I have to send a reply back that the graphic I see is the
correct graphic. It may take a couple of tries.
5) The "good site" now knows I have the password and know the graphic.
<Assumption is that having the graphic and password makes me the owner
of the graphic and password, not the phisher.>
6) I check each page for the graphic.
<Assumption is that I'm safe if I see the graphic.>
7) If the graphic is wrong or disappears, I call the bank right away.
<Assumption is that I care enough to do it.>

It's the assumptions that bother me and how to ensure minimal damage
can occur before dual verification happens. The graphic can be assigned
from a large database of graphics randomly and be effective. A person
confronted with a pic of children playing would be disconcerted when
the reply graphic had... say... black and white blocks on a table.
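The seven-step procedure above, simulated in Python as an added example that is not part of this thread: the server keeps a salted password hash and one randomly assigned graphic per user, hands the graphic back only after the password verifies (step 3), and treats a session as dual-verified only once the user confirms the graphic they saw (steps 4-5), so unconfirmed sessions get no pages (step 6). The image pool, the user names and the class are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed stand-in for the "database of unique graphics" (file names only).
IMAGE_POOL = ["children_playing.png", "bw_blocks_on_table.png",
              "lighthouse.png", "red_bicycle.png"]
PBKDF2_ROUNDS = 200_000


class SiteImageServer:
    """Hypothetical bank side of steps 3-6: salted password hash plus one random graphic per user."""
    def __init__(self):
        self.users = {}     # username -> (salt, password_hash, image)
        self.sessions = {}  # session token -> {"user": str, "image_confirmed": bool}

    def register(self, username, password):
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        image = secrets.choice(IMAGE_POOL)  # assigned at random from the pool
        self.users[username] = (salt, pw_hash, image)
        return image  # shown once at enrolment; the user has to remember it

    def login(self, username, password):
        """Steps 2-3: credentials in, graphic out, but only after the password verifies."""
        rec = self.users.get(username)
        if rec is None:
            return None
        salt, pw_hash, image = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, pw_hash):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = {"user": username, "image_confirmed": False}
        return token, image

    def confirm_image(self, token, image_seen):
        """Steps 4-5: the user reports the graphic they saw; a mismatch can simply be retried."""
        sess = self.sessions.get(token)
        if sess is None:
            return False
        expected = self.users[sess["user"]][2]
        sess["image_confirmed"] = hmac.compare_digest(expected, image_seen)
        return sess["image_confirmed"]

    def page(self, token):
        """Step 6: every page carries the user's graphic; an unconfirmed session gets no page at all."""
        sess = self.sessions.get(token)
        if sess is None or not sess["image_confirmed"]:
            return None
        return {"image": self.users[sess["user"]][2], "body": "account page"}
```

Note that the graphic is only ever sent after a correct password, which is exactly the assumption the message questions: whoever can present the password gets shown the graphic.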
