.

Category: ImageGrid

VidoopCAPTCHA: Avoiding a more craptastic CAPTCHA by changing the game

Rick Turoczy on April 7, 2009

VidoopEver tried to do something on a site that uses CAPTCHA? You know, the Completely Automated Public Turing Test To Tell Computers and Humans Apart?

Oh. Well, how about the technology designed to prevent bots from submitting forms that requires us to enter a “human readable” element before submitting?

Um. Okay. The squiggly letters? You know the squiggly letters? The ones you can never read? The ones that force you through three or four attempts at submitting a form? The ones that make you wonder if you are, in fact, a bot?

There you go. That’s CAPTCHA.

The concept and CAPTCHA started simply enough, according to Wikipedia:

Moni Naor was the first person to theorize a list of ways to verify that a request comes from a human and not a bot. Primitive CAPTCHAs seem to have been developed in 1997 by Andrei Broder, Martin Abadi, Krishna Bharat, and Mark Lillibridge to prevent bots from adding URLs to their search engine. In order to make the images resistant to OCR (Optical Character Recognition), the team simulated situations that scanner manuals claimed resulted in bad OCR. In 2000, Luis von Ahn and Manuel Blum coined the term ‘CAPTCHA’, improved and publicized the notion, which included any program that can distinguish humans from computers. They invented multiple examples of CAPTCHAs, including the first CAPTCHAs to be widely used, which were those adopted by Yahoo!.

But as optical character recognition has improved and bots have become smarter, it’s been going downhill—faster and faster—ever since.

They latest iteration of CAPTCHAs and reCAPTCHAs have taken a variety of forms: more and more obscured text, increasingly wiggly text with multiple “words,” unintelligible audio, increasingly complicated math problems… but none of them seems to get to the crux of the issue: allowing an average human to do what they came to do.

I mean, this is the CAPTCHA from arguably the most powerful company in the world, that little search company down in Mountain View.

Google CAPTCHA

Right. I can’t read it either.

There has to be a better way.

Enter Portland-based Vidoop and their image grid technology.

To date, Vidoop’s recognizable image grid technology has been used to obfuscate passwords for an OpenID login, enabling users to use OpenID without having to remember other credentials.

But what dawned on the folks at Vidoop is that the image grid also made a pretty darn simple CAPTCHA device. What’s more, it was actually intelligible to a human.

Introducing VidoopCAPTCHA, a CAPTCHA that stops the craptastic slide of increasingly horrible CAPTCHAs by taking the concept in an entirely new direction.

The image grid password concept allowed users to select a few favorite things that they were to remember instead of a password—like rainbows, unicorns, and teddy bears. Then when they logged into a site using their myVidoop name, they simply selected the letters from those images as their password.

VidoopCAPTCHA takes the same tact, telling users to look for specific images and then asking them to type in the letters from those images. Simple, easy to use, and just as effective protection as the image grid for passwords.

VidoopCAPTCHA

And like the previous implementations of image grid technology, VidoopCAPTCHA has the potential to allow users of the service to insert their own images into the grid. Which, in most cases, results in an advertisement.

According to ReadWriteWeb’s coverage of VidoopCAPTCHA:

There’s a business model here, too. Vidoop says that if this system catches on, site owners will be able to sell spots in their image boxes to advertisers. The concentration required in order to identify these images would be a huge gift to advertisers placed there. There’s something a little troubling about that prospect, but the company says that in a survey so large they believe it’s nationally representative and most other people don’t mind.

Verdict: VidoopCAPTCHA is humane CAPTCHA

As a user, I found the image grid approach much easier to use than the prevailing text-based concepts. Were I a current CAPTCHA user, I’d implement VidoopCAPTCHA, today.

But is VidoopCAPTCHA enough to motivate folks to implement a CAPTCHA solution? I don’t know about that. But I do know that if you’re interested in deploying CAPTCHA, the imagery is far more legible and usable than the current squiggly text—at least to my eye. (And I’d say that even if Vidoop weren’t a Portland company.)

And I also know that if you’re a current CAPTCHA user, it would be well worth your time to take a look at VidoopCAPTCHA. Your users will thank you for it. Or at the very least, be able to communicate with you without screaming expletives at the screen.

For more information or to test drive the product, visit VidoopCAPTCHA.

[HTML1]

Vidoop ImageShield + AOL OpenID = 100 million+ potential Vidoop users

Rick Turoczy on July 10, 2008

Portland-based Vidoop‘s ImageShield technology has been purported to be one of the most unhackable credential schemes on the market. It’s been tested, time and time again.

But today, the real testing begins.

Why? Because today a little online-service provider named AOL just released Vidoop ImageShield technology to each and every one of its users—each of whom have an AOL-based OpenID.

AOL OpenID featuring Vidoop Image Shield

Now, it’s no secret that this has been in the works. AOL has been forthright about the fact that it has been testing the technology. But it’s been a private BETA:

At AOL we had a chance to try out their ‘ImageShield’ technology since last few months. What we did is basically provide our AOL OpenID users (AOL users using their openid.aol.com/) with a way to secure their accounts by binding an ‘ImageShield’ password, so from next time when they try to login with their AOL OpenID at a 3rd party Relying Party site, instead of the traditional ‘password’, they can login securely using the ‘ImageShield’. In that way they can make sure they are always signing in from the secure AOL login page and also make sure they are not giving away their ‘real’ password to any possible attackers. This has been deployed on our closed beta environment as a trial run to see how our beta OpenID users would feel about the overall user experience and of course the security of their accounts.

Not anymore. Now, as the screenshot above illustrates, Vidoop’s technology is accessible to the public.

I hear you. “So what?” Well, the “so what” is this…

For OpenID logins, Vidoop’s ImageShield technology has generally been available to users of myVidoop. And that’s been about it.

And as much as I respect the Vidoop team and their accomplishments, I feel pretty safe saying that the myVidoop user base is slightly less than the AOL user base. Just a smidge.

But now? Now there is no difference.

Now, the Vidoop ImageShield user base is the AOL user base. Because Vidoop ImageShield is accessible to more than 100 million AOL users.

And, if I had to guess, I would say that that potential—the potential to have more than 100 million people using Vidoop technology to log in to OpenID-enabled sites—would make Vidoop ImageShield about the widest deployment of OpenID-based authentication technology on the market.

And that, my friend, is a big win for Vidoop. And for OpenID.

For more information on Vidoop ImageShield, visit Vidoop. For more on AOL and OpenID, visit OpenID Central on the AOL Developer Network.

(And, as always, please feel free to use your myVidoop, AOL, MyOpenID, or other relying party OpenID to comment.)

[Update July 11, 2008] TechCrunch has picked up the Vidoop ImageShield and AOL OpenID story, meaning it might get slightly more pick up now. Great to see Vidoop getting this recognition on a much, much larger stage.