Vidoop LLC was a privately held company based in
Portland, Oregon
Portland ( ) is the List of cities in Oregon, most populous city in the U.S. state of Oregon, located in the Pacific Northwest region. Situated close to northwest Oregon at the confluence of the Willamette River, Willamette and Columbia River, ...
. Its flagship product was Vidoop Secure, a login solution designed to function without traditional passwords, which Vidoop claimed was resistant to
brute force,
keystroke logging
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitore ...
,
phishing
Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticate ...
, and some
man-in-the-middle attack
In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communi ...
s. On 30 May 2009, Vidoop announced that it was going out of business.
Founding and Launch
Vidoop was founded in 2006 in
Tulsa, Oklahoma
Tulsa ( ) is the List of municipalities in Oklahoma, second-most-populous city in the U.S. state, state of Oklahoma, after Oklahoma City, and the List of United States cities by population, 48th-most-populous city in the United States. The po ...
. As of March 2006 it had 4 employees and would initially reveal only that it was developing a novel login solution that hides an access code in plain sight. After over a year of secretive development and testing, the company launched its product, Vidoop Secure, at the
Web 2.0 Expo in
San Francisco, California
San Francisco, officially the City and County of San Francisco, is a commercial, Financial District, San Francisco, financial, and Culture of San Francisco, cultural center of Northern California. With a population of 827,526 residents as of ...
on 2007-04-17. Luke Sontag, a co-founder, gave a presentation at the expo demonstrating the technology and further announced that an unnamed Fortune 500 company would be replacing its login system with Vidoop by July 2007.
Products
Vidoop's core technology is the Vidoop Dynamic Image Grid, a login tool that powers Vidoop Secure and thu
myVidoop.com The company also sells advertising space, allowing a company to place its products as images in the grid. There are currently two multi-national advertisers:
Smart USA (a division of Daimler) and
ConocoPhillips
ConocoPhillips Company is an American multinational corporation engaged in hydrocarbon exploration and production. It is based in the Energy Corridor district of Houston, Texas.
The company has operations in 15 countries and has production in t ...
(Phillips66, Conoco, and 76 brand gas stations). One regional advertiser:
Mazzio's. And one local advertiser: Jackie Cooper Imports (A local Tulsa, OK auto dealer).
Vidoop Secure
Vidoop Secure is a user login technology based on categorized images. When a user enrolls in a system implementing the technology, he chooses from several categories of images (such as
airplanes
An airplane (American English), or aeroplane (Commonwealth English), informally plane, is a fixed-wing aircraft that is propelled forward by thrust from a jet engine, propeller, or rocket engine. Airplanes come in a variety of sizes, shapes, ...
,
cars
A car, or an automobile, is a motor vehicle with wheels. Most definitions of cars state that they run primarily on roads, seat one to eight people, have four wheels, and mainly transport people rather than cargo. There are around one billio ...
, or
keys
Key, Keys, The Key or The Keys may refer to:
Common uses
* Key (cryptography), a piece of information needed to encode or decode a message
* Key (instrument), a component of a musical instrument
* Key (lock), a device used to operate a lock
* ...
). Furthermore, the user's computer is "activated" with a cookie, which is only provided upon the user's confirmation of a code transmitted either by
email
Electronic mail (usually shortened to email; alternatively hyphenated e-mail) is a method of transmitting and receiving Digital media, digital messages using electronics, electronic devices over a computer network. It was conceived in the ...
or by phone via voice or
text message
Text messaging, or texting, is the act of composing and sending electronic messages, typically consisting of alphabetic and numeric characters, between two or more users of mobile phones, tablet computers, smartwatches, desktop computer, des ...
. At the time of login, if the cookie is found, a grid of images is displayed that includes pictures belonging to the user's chosen categories. The user selects these images by typing the randomized letter associated with each of his images, forming his access code.
myVidoop.com myVidoop.com
is an
OpenID
OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provi ...
provider run by Vidoop and powered by Vidoop Secure. As an OpenID provider, myVidoop.com is part of the movement that aims to provide a decentralized framework for a web single sign-on.
Criticisms
Vidoop has met with criticism regarding the claims of their technology's resistance to hacking. For example, researchers at
CommerceNet
CommerceNet is a 501(c)6 organization established in 1994 to promote electronic commerce on the Internet.The company was initially founded by Murray Sherwood and Martin Blackburn who sold it to A.T and T in 1996. The organisation initially focused ...
have described a possible attack, and also published
videoof a man-in-the-middle attack executed against myVidoop.com, both on the CommerceNet
weblog
A blog (a Clipping (morphology), truncation of "weblog") is an informational website consisting of discrete, often informal diary-style text entries also known as posts. Posts are typically displayed in Reverse chronology, reverse chronologic ...
.
Additionally, questions have been raised about the accessibility of Vidoop Secure to those with visual impairments.
Vidoop's authentication scheme essentially consists of a very short secret and a "pre-authorization" cookie. A users' shared secret is a set of 3–5 categories out of a possible 12, which is only 8–10 bits of entropy. Vidoop allows users to enter in their categories in at least two possible orders, reducing the effective secret by a bit. An attacker in possession of the pre-authorization cookie could guess 1-2% of passwords in the three given trials.
See also
*
CAPTCHA
Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) ( ) is a type of challenge–response authentication, challenge–response turing test used in computing to determine whether the user is human in order to de ...
*
Two-factor authentication
Multi-factor authentication (MFA; two-factor authentication, or 2FA) is an electronic authentication method in which a user is granted access to a website or Application software, application only after successfully presenting two or more distin ...
*
OpenID
OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provi ...
References
{{Reflist
External links
Vidoop LLC websitemyVidoop.comVideo of a MITM attack against myVidoop.com
2006 establishments in Oregon
2009 disestablishments in Oregon
American companies established in 2006
American companies disestablished in 2009
Computer access control
Defunct software companies of the United States
Software companies established in 2006
Software companies disestablished in 2009