Vidoop LLC was a privately held company based in

Portland, Oregon Portland (, ) is a port city in the Pacific Northwest and the largest city in the U.S. state of Oregon. Situated at the confluence of the Willamette and Columbia rivers, Portland is the county seat of Multnomah County, the most populou ...

. Its flagship product was Vidoop Secure, a login solution designed to function without traditional passwords, which Vidoop claimed was resistant to

brute force Brute Force or brute force may refer to: Techniques * Brute force method or proof by exhaustion, a method of mathematical proof * Brute-force attack, a cryptanalytic attack * Brute-force search, a computer problem-solving technique People * Brut ...

keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...

phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...

, and some

man-in-the-middle attack In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...

s. On 30 May 2009, Vidoop announced that it was going out of business.

Founding and Launch

Vidoop was founded in 2006 in

Tulsa, Oklahoma Tulsa () is the second-largest city in the U.S. state, state of Oklahoma and List of United States cities by population, 47th-most populous city in the United States. The population was 413,066 as of the 2020 United States census, 2020 census. ...

. As of March 2006 it had 4 employees and would initially reveal only that it was developing a novel login solution that hides an access code in plain sight. After over a year of secretive development and testing, the company launched its product, Vidoop Secure, at the Web 2.0 Expo in

San Francisco, California San Francisco (; Spanish for "Saint Francis"), officially the City and County of San Francisco, is the commercial, financial, and cultural center of Northern California. The city proper is the fourth most populous in California and 17th ...

on 2007-04-17. Luke Sontag, a co-founder, gave a presentation at the expo demonstrating the technology and further announced that an unnamed Fortune 500 company would be replacing its login system with Vidoop by July 2007.

Products

Vidoop's core technology is the Vidoop Dynamic Image Grid, a login tool that powers Vidoop Secure and thu
myVidoop.com
The company also sells advertising space, allowing a company to place its products as images in the grid. There are currently two multi-national advertisers: Smart USA (a division of Daimler) and

ConocoPhillips ConocoPhillips Company is an American multinational corporation engaged in hydrocarbon exploration and production. It is based in the Energy Corridor district of Houston, Texas. The company has operations in 15 countries and has production ...

(Phillips66, Conoco, and 76 brand gas stations). One regional advertiser: Mazzio's. And one local advertiser: Jackie Cooper Imports (A local Tulsa, OK auto dealer).

Vidoop Secure

Vidoop Secure is a user login technology based on categorized images. When a user enrolls in a system implementing the technology, he chooses from several categories of images (such as

airplanes An airplane or aeroplane (informally plane) is a fixed-wing aircraft that is propelled forward by thrust from a jet engine, propeller, or rocket engine. Airplanes come in a variety of sizes, shapes, and wing configurations. The broad spectr ...

cars A car or automobile is a motor vehicle with wheels. Most definitions of ''cars'' say that they run primarily on roads, seat one to eight people, have four wheels, and mainly transport people instead of goods. The year 1886 is regarded as t ...

, or

keys Key or The Key may refer to: Common meanings * Key (cryptography), a piece of information that controls the operation of a cryptography algorithm * Key (lock), device used to control access to places or facilities restricted by a lock * Key (ma ...

). Furthermore, the user's computer is "activated" with a cookie, which is only provided upon the user's confirmation of a code transmitted either by

email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...

or by phone via voice or

text message Text messaging, or texting, is the act of composing and sending electronic messages, typically consisting of alphabetic and numeric characters, between two or more users of mobile devices, desktops/ laptops, or another type of compatible compu ...

. At the time of login, if the cookie is found, a grid of images is displayed that includes pictures belonging to the user's chosen categories. The user selects these images by typing the randomized letter associated with each of his images, forming his access code.

myVidoop.com

myVidoop.com
is an

OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party identity provid ...

provider run by Vidoop and powered by Vidoop Secure. As an OpenID provider, myVidoop.com is part of the movement that aims to provide a decentralized framework for a web single sign-on.

Criticisms

Vidoop has met with criticism regarding the claims of their technology's resistance to hacking. For example, researchers at

CommerceNet CommerceNet is a 501(c)6 organization established in 1994 to promote electronic commerce on the Internet. The organisation initially focused on industry-wide research and programs that have advanced the commercial use of the Internet. History Comme ...

have described a possible attack, and also published
video
of a man-in-the-middle attack executed against myVidoop.com, both on the CommerceNet

weblog A blog (a truncation of "weblog") is a discussion or informational website published on the World Wide Web consisting of discrete, often informal diary-style text entries (posts). Posts are typically displayed in reverse chronological order ...

. Additionally, questions have been raised about the accessibility of Vidoop Secure to those with visual impairments. Vidoop's authentication scheme essentially consists of a very short secret and a "pre-authorization" cookie. A users' shared secret is a set of 3–5 categories out of a possible 12, which is only 8–10 bits of entropy. Vidoop allows users to enter in their categories in at least two possible orders, reducing the effective secret by a bit. An attacker in possession of the pre-authorization cookie could guess 1-2% of passwords in the three given trials.

References

{{Reflist

External links

Vidoop LLC websitemyVidoop.comVideo of a MITM attack against myVidoop.com
2006 establishments in Oregon 2009 disestablishments in Oregon American companies established in 2006 American companies disestablished in 2009 Computer access control Defunct software companies of the United States Software companies established in 2006 Software companies disestablished in 2009