With the increase in the usage of mashups and widget/gadgets providing more personalized services from different providers on different sites (ex. netvibes.com, iGoogle gadgets, Facebook applications, etc..), and asking users to enter their login credentials at different sites, it is very important for all Identity Providers to provide any possible ways to reduce the need for the users to enter their secure login credentials multiple times from multiple locations. This is where exactly OpenID helps in providing a simple and open protocol to exchange user identities across the boundaries.
But with OpenID gaining more and more popularity all across the web to allow users to use their single account (from their trusted 'OpenID Provider') at many sites (called 'Relying Parties'), and also with the way OpenID protocol works by making the Relying Parties redirect users to the user's OpenID provider, there are some very valid security concerns about malicious Relying Parties out there redirecting the users to potential phishing sites that could steal user's credentials. So it is very important for the OpenID Providers to make sure they provide good ways for their users to be able to login more securely and be able to detect Phishing sites from legitimate sites. This is where exactly the 'Vidoop ImageShield' (also called 'RecoginitionAUTH') comes in to play to provide strong login technology that helps in fighting against these malicious attacks.
'Vidoop' (now called Confident Technologies) provides a very innovative multi-factor user login technology based on categorized images. It protects user's against brute force, keystroke logging, and phishing attacks, and also to a certain extent the man in the middle attacks (it does raise the bar for the man in the middle attacks though).
At AOL we had a chance to try out their 'ImageShield' technology since last few months. What we did is basically provide our AOL OpenID users (AOL users using their openid.aol.com/) with a way to secure their accounts by binding an 'ImageShield' password, so from next time when they try to login with their AOL OpenID at a 3rd party Relying Party site, instead of the traditional 'password', they can login securely using the 'ImageShield'. In that way they can make sure they are always signing in from the secure AOL login page and also make sure they are not giving away their 'real' password to any possible attackers. This has been deployed on our closed beta environment as a trial run to see how our beta OpenID users would feel about the overall user experience and of course the security of their accounts.
If you are visiting the Web 2.0 Expo in San Francisco this week, please drop by the Vidoop/Confident Technologies booth to see a demo of how this works with AOL OpenIDs.
At AOL we always want to provide strong authentication methods for our users to make sure they feel more secure about their online identity and how they can use their AOL Identity at various sites with out requiring to create yet another account. We have also recently announced our support for the Verisign VIP Credential, so AOL users can add the VIP OTP as a Strong 2nd factor authentication credential to their account. If you already have a Verisign VIP Credential from PayPal or eBay or usBank or charles SCHWAB or any other VIP Credential Provider, you can simple bind your AOL account with it. You can see this option in the Vidoop demo at the Web 2.0 Expo this week.