Hitoshi Kokumai

7ヶ月前 · 1 分の読書時間 · visibility ~100 ·

chat 著者への問い合わせ

thumb_up 関連性 message コメント

Sequel - Detection of Fake Log-In Page

Sequel - Detection of Fake Log-In Page

In my earlier post “Detection of FakeLog-In Page”, I wrote “show the user’s image ALONG WITH DOZENS OF OTHER IMAGES.”

Have you taken note of it? This element plays a crucial role in our scheme.

A would-be phisher can easily copy the log-in screen and show it to a target user whose User ID is known. But the phisher does not know which image was registered by the user as the credential of the genuine log-in server as against the other images, whereas both the user and the genuine log-in server know which one was registered.

We ask the user to pick up the registered image and also several other meaningless images in a random sequence; the outcome will be that the genuine log-in server will know that the user has selected the registered image in the choice, while a fake log-in server will not know it, so the phishing process will have to stop there. Copying the genuine log-in page would thus take the phisher nowhere.

After this screening of fake log-in servers, the user will be asked to go through the authentication by a password, desirably by Expanded Password System where it is available.

< References >

Summary and Brief History - Expanded Password System

Image-to-Code Conversion by Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

External Body Features Viewed as ‘What We Are’

 History, Current Status and Future Scenarios of Expanded Password System

Negative Security Effect of Biometrics Deployed in Cyberspace

Removal of Passwords and Its Security Effect

Availability-First Approach

Update: Questions and Answers - Expanded Password System and Related Issues (30/June/2020)

< Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication

< Latest Media Articles Published in 2020 Spring>

Digital Identity – Anything Used Correctly Is Useful https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/

‘Easy-to-Remember’ is one thing ‘Hard-to-Forget’ is another https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/

thumb_up 関連性 message コメント
Ricci Burgett

Ricci Burgett

7ヶ月前 #1

I'm against of removal passwords and all this "biometric login" stuff.

その他の記事 Hitoshi Kokumai