Vidoop: an interesting new authentication system...
Apr 21, 2007
Vidoop is a new OpenID provider that was showcased during the Launch Pad event at the Web 2.0 Expo last week. The thing that makes Vidoop different is its new "passwordless" authentication system. As many of you know, password-based authentication comes with its fair share of problems - keyloggers can sniff passwords, phishing sites can trick users into giving them away, man-in-the-middle attacks can intercept them, and in many cases, brute force methods can be used to guess them.
Vidoop attempts to mitigate these problems by eliminating passwords from the equation, and replacing them with single-use codes instead. The Vidoop login screen consists of a grid of pictures, with letters associated with each one, that gets randomized each time. When you first sign up for an account, you're asked to pick a series of general categories of objects - for instance, cars, fruits and animals. Then, at the login screen, you simply identify the pictures belonging to your secret list of categories and enter the letters associated with those pictures. Since the pictures, letters, and the arrangements of classes change randomly each time, the user's "password" essentially becomes a one-time-use code. This means that even if the code is stolen or intercepted, it is useless for subsequent login sessions.
In order to make the system even more secure, Vidoop actually goes one step further - if a user tries to login from a computer that he/she has never used before, the system asks the user to add the machine to a "trusted" list before it even displays the picture grid. This is done by sending the user a unique pin code via SMS, telephone, or email, which he/she has to enter on the computer. This is one-time step for each new machine that a user attempts to login from. I talked to Luke Sontag, Vidoop's Co-Founder and President, on the show floor, and he mentioned that they also plan to add Jabber/XMPP support for this step soon.
Vidoop's monetization strategy is also quite interesting. Since the system is free for end-users, the company gets its revenue from advertisers who can promote their products and brands by buying a slot in the login screen grid. Smart USA, for instance, has already bought a sponsored slot in the cars category.
The service is still in an invitation-only beta. If you'd like to try it out, I have one extra invitation code to give away to the first person who asks for it, either by posting a comment here, or by sending me an email. :)