Scientists from a university in New York have a inlogmethode developed, which makes phishing almost impossible. The method works with a set of images, from which the user four images as a password.
The password is not on the side of the server, but only in a file on the user’s computer. After entering the username, reads the website the file from and choose a set of twelve images, including the four correct.
However, the database contains not only the twelve images that the user will see, but is much larger. Wants someone with a fake site, the password trick, so guess what pictures are used in the password, the scientists of the Stony Brook University in their paper. Because people only remember what the picture was, a tree, or a dog, for example, but the exact details do not remember, it is difficult for the password to extract. The site has a large set of images that can be used as part of the password.
The technique works according to the scientists, precisely because people the details of the pictures from their forgotten password. According to a small trial that they have done with a few dozen people managed none of the participants to enter their password to successfully implement on a phishing site. Participants were able to phishing-site search on images, such as tree or dog.
It is unclear whether the scientists, the technique will offer or sell on sites like inlogmethode. The method also has limitations: the password must be always on the device of the user is stored. This is log from another pc or mobile device impossible. Also, it is unclear how the file with the password on the computer is protected against theft. Inlogmethodes, where users images to select, have been in existence longer.
