Another secure cybercafe login idea: Facebook photos

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, robyn, JoeSiegrist

Another secure cybercafe login idea: Facebook photos

Postby Estie » Mon Sep 14, 2009 3:00 am

OK so there's keyboard logging or screen capture software installed at the cybercafe. So my master password may be at risk, right? Wrong. Here's my idea:

I log into Lastpass from a cybercafe by going to cybercafe.lastpass.com (I'm using this URL to let lastpass know the difference) using the on-screen keyboard.

Next to the onscreen keyboard, Lastpass displays the pictures of 25 people (5x5 grid). 3 of the 25 are real people pulled from my Facebook or LinkedIn network (with optional first/last names). In addition to the Lastpass master password, I need to select the right 3 people in the grid and be right the first time. The next login it's 3 different people that make up the "right" answer. I can also edit the images and store them in Lastpass so if someone changes their photo to a crazy unrecognizeable closeup, it's not included. I can also add my own photos if I like but pulling them from Facebook is easier.

*** I guess it would still be easier to have a 1 time "cybercafe" password sent to my phone via SMS. ***
Estie
 
Posts: 32
Joined: Sun Aug 16, 2009 11:45 am

Re: Another secure cybercafe login idea: Facebook photos

Postby JoeSiegrist » Mon Sep 14, 2009 11:14 am

Estie Wrote:OK so there's keyboard logging or screen capture software installed at the cybercafe. So my master password may be at risk, right? Wrong. Here's my idea:

I log into Lastpass from a cybercafe by going to cybercafe.lastpass.com (I'm using this URL to let lastpass know the difference) using the on-screen keyboard.

Next to the onscreen keyboard, Lastpass displays the pictures of 25 people (5x5 grid). 3 of the 25 are real people pulled from my Facebook or LinkedIn network (with optional first/last names). In addition to the Lastpass master password, I need to select the right 3 people in the grid and be right the first time. The next login it's 3 different people that make up the "right" answer. I can also edit the images and store them in Lastpass so if someone changes their photo to a crazy unrecognizeable closeup, it's not included. I can also add my own photos if I like but pulling them from Facebook is easier.

*** I guess it would still be easier to have a 1 time "cybercafe" password sent to my phone via SMS. ***


This is an interesting idea, but it's got some issues -- we at LastPass don't have access to your passwords to be able to pull the data needed; not everyone uses facebook, not everyone has enough friends to make this possible; I'm sure there's an attack on this based on racial profiling: I'm much more likely to have white friends than black friends based on my skin color -- so we'd need to pull people that look very similar to the actual 3 results.

I think we could probably pretty easily solve the last one, but the first 2 are difficult...
JoeSiegrist
 
Posts: 4185
Joined: Wed Aug 20, 2008 10:40 am

Re: Another secure cybercafe login idea: Facebook photos

Postby Estie » Mon Sep 14, 2009 12:07 pm

Facebook is up to 200M users now so I think it'd work for so many people that it'd be worthwhile as a first step for early adopters. You can also allow people to upload their own photos for the "correct-photo" list that lastpass has to choose from.

For the facebook login problem, I'd just modify the IE/FF addin to "grab photos" when I'm logged into facebook, present them to me, and let me include/exclude the faces I like and upload them to lastpass.com.

The racial profiling thing is an interesting point, but you could ask the user what race(s) they want included in the false-photo list.
Estie
 
Posts: 32
Joined: Sun Aug 16, 2009 11:45 am


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 23 guests