[Cryptography] [FORGED] Re: So please tell me. Why is my solution wrong?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Feb 8 03:13:01 EST 2017
Bill Cox <waywardgeek at gmail.com> writes:
>I just read it, and I think the main idea is clever. Show the user a secret
>picture whenever they authenticate. This could help defend against phishing
>attacks.
Nope, it doesn't. We have about fifteen years' worth of both research and
real-world results showing that site images don't work. It's a great idea,
sure, it's just one that doesn't actually work in practice.
Peter.
More information about the cryptography
mailing list