As early adopters and technology enthusiasts, we're known for signing up for every new service presented to us. Due to the sheer number of web sites out there, most of us have devised a system for remembering all those passwords: we make them all the same. (Nod sheepishly if this is you.) This system, although easy, is dangerously insecure. A hacker would only need to compromise your password one time in order to gain access to all your accounts. But what alternatives do we have?
At this week's DEMO conference, I was introduced to two new ways to make authentication on the web more secure, and both of them are truly incredible. This post will look at one of those methods: UsableLogin.
UsableLogin is a new application from Usable Security Systems which allows you to choose one simple code word and use it to log into any web site. That codeword can be as simple as your dog's name ("fido") or your favorite color ("pink"). Why is this possible? Because the code word is just one layer of security - behind the scenes, the software creates another password for you for the actual web site. The password it creates is strong, complex, and highly secure, just as we know passwords should be.
To use UsableLogin, you simply download the browser plugin. After you pick a background image and your easy-to-recall pass code, the login box will appear consistently across every web site you access, whether that's Facebook or your bank.
Web sites can also choose to support UsableLogin by putting a small bit of JavaScript code on their site.
Here's what UsableLogin sign-in boxes look like:

When you log in to a web site, UsableLogin cryptographically combines your simple code word with secret data pulled from separate sources: your computer and Usable Security's servers. This data is combined to create a secure verifier which is used as your complex password. Your code word is never stored and web sites never see it.
UsableLogin can be used on any web site that accepts passwords. It will also work on any operating system and browser.
UsableLogin on Gmail
From the UsableLogin homepage, you can manage all your accounts and view your history - when you last logged on and from which computer. You can also authorize and deauthorize computers from this dashboard, so for example, if your laptop was lost or stolen, you could make sure that no one who got a hold of it could log in to your accounts.
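A sketch of the derivation and device deauthorization described above, as an added example that is not UsableLogin's code or published algorithm: PBKDF2 and HMAC-SHA-256 are assumed stand-ins for the unspecified cryptographic combination, and `ShareServer`, `derive_site_password`, `login` and the `.example` site names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor; slows guessing of a short code word


class ShareServer:
    """Hypothetical vendor side: holds one secret share per authorized device."""

    def __init__(self):
        self._shares = {}

    def authorize(self, device_id):
        self._shares[device_id] = secrets.token_bytes(32)

    def deauthorize(self, device_id):
        self._shares.pop(device_id, None)

    def get_share(self, device_id):
        if device_id not in self._shares:
            raise PermissionError("device is not authorized")
        return self._shares[device_id]


def derive_site_password(code_word, device_secret, server_share, site, length=24):
    """Derive the per-site password; the code word itself is never stored or sent."""
    # Bind both stored secrets and the site name into the salt, so every site
    # gets an unrelated password and neither share alone is enough.
    salt = hmac.new(server_share, device_secret + b"|" + site.lower().encode(),
                    hashlib.sha256).digest()
    key = hashlib.pbkdf2_hmac("sha256", code_word.encode(), salt,
                              PBKDF2_ROUNDS, dklen=32)
    return base64.urlsafe_b64encode(key).decode()[:length]


def login(server, device_id, device_secret, code_word, site):
    """What a plugin would do at sign-in: fetch the share, then derive locally."""
    share = server.get_share(device_id)
    return derive_site_password(code_word, device_secret, share, site)


if __name__ == "__main__":
    server = ShareServer()
    laptop_secret = secrets.token_bytes(32)  # constructed sample device secret
    server.authorize("laptop")
    print(login(server, "laptop", laptop_secret, "fido", "mail.example"))
    print(login(server, "laptop", laptop_secret, "fido", "bank.example"))
    server.deauthorize("laptop")  # lost laptop: get_share() now raises
```

In this model, deauthorizing a device only stops new derivations from it; a password already derived stays valid at the web site until it is changed there.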
Ask any I.T. professional about "multi-factor authentication" and they'll tell you how much more secure it is against attacks. Think of it this way: on your front door you have a doorknob with a lock - that's the extent of protection you have today. Add a deadbolt to the mix, and even though your door's lock is so much easier to pick, the extra lock (the deadbolt) makes it much harder to get into your house. That's multi-factor authentication. (OK, it's actually much more complicated than that, but that's the easiest way I could think to explain it.)
If you want to learn more about UsableLogin, you can watch their entire presentation from DEMO08 here:
UsableLogin will become available in early 2009. You can sign up on their homepage to be notified when it's released.
Comments
What happens if the service does not exist anymore? Is there a way to retrieve all these really strong passwords or you have to set up another account?
And if javascript is not working on the particular computer, the solution becomes unavailable, no?
I am not sure this way to look at the issue is the good one. One place to authenticate like openId looks better than different places and an additional layer to store these passwords.
Posted by: kanjiroushi | September 12, 2008 7:40 AM
Great meeting you Sarah! This one was pretty interesting - not sure it will be very successful but it is moving the discussion about logins forward.
And, isn't this what openid is supposed to be?
Posted by: allen | September 12, 2008 7:43 AM
Wow, that was an excellent presentation! It's also the first one that I've watched from DEMO or TC50-- are all of the presentations always this good? I'm psyched about their product now!
Posted by: Andy DeSoto | September 12, 2008 7:45 AM
What if you're at school or a friend's house? You won't know your own password for any of these sites. I think we need more info.
Posted by: Michael Hansen | September 12, 2008 8:23 AM
This service is quite cool, patiently waiting for it.
Posted by: Akshat | September 12, 2008 8:24 AM
What happens when I'm at a random computer trying to sign in to something? Other than choosing an awesome picture for the background, why is this better than OpenID?
Posted by: Jordan Hofker | September 12, 2008 8:32 AM
A simple alternative to password management is to use initials for each website, then you just need to have one password.
For example:
GMail: defewedcgmew43252
FaceBook: defewedcfbew43252
FlickR: defewedcfrew43252
YouTube: defewedcytew43252
so you just need to remember defewedc and ew43252 but you have a different password for each site!
Posted by: Abu Zayd | September 12, 2008 9:14 AM
Excellent presentation! Can't wait to get it in my hands :)
Posted by: Dainis Graveris | September 12, 2008 9:29 AM
compare to openid, requires no plugin and no javascript
??
Posted by: colleen | September 12, 2008 9:42 AM
Cool! Will give this a go.
Posted by: Kol Tregaskes | September 12, 2008 9:46 AM
@Jordan, @Colleen: UsableLogin works on any website anywhere, even if they don't support it (This is done via the plugin) whereas sites have to choose to support OpenID and make that one of your login options.
Is it possible to store it inside a home page (igoogle, netvibes, ...)?
Would be nice if you do not always use your own pc.
Good post anyway
Posted by: Peter | September 12, 2008 11:52 AM
Or you could use Live ID and integrate your site with it... then you automatically cover 400 million plus users (the biggest ID directory in the world).
http://dev.live.com/
Posted by: LoungeFly | September 12, 2008 2:52 PM
So how does this work on mobile devices like the iPhone? Am I locked out unless I install the plugin?
Posted by: factoryjoe.com | September 13, 2008 11:29 AM
Sarah: What's your monetization strategy? Your concept is interesting and so is the approach. Would be great if you can share some public details on how you plan to make it a viable business.
Posted by: sameer | September 13, 2008 4:26 PM
Hi Sarah,
may I ask what the other authentication method you were impressed with was?
Many thanks in advance.
Posted by: Dukeswharf | September 15, 2008 3:27 AM
Would be nice if you do not always use your own pc.
Good post anyway
Posted by: arkadaşlık | September 15, 2008 5:40 AM
thanks for article please give us more info...
Posted by: Oyunlar | September 24, 2008 3:00 AM
Thanks for article.
Please give us more info..Nice
Posted by: Oyun | October 1, 2008 6:58 AM