Submission: New Bank Authentication Scheme Debuts, Gets Hacked
An anonymous reader writes: Harvard and CommerceNet researchers report breaking Vidoop, a new two-factor graphical authentication scheme for banks. The scheme requires users to remember "image categories" to log in and is supposedly invulnerable to phishing attacks, keyloggers and "all prevalent forms of hacking" (according to their website and their TV commercial on YouTube). The researchers describe how they broke the scheme in a few hours with a man-in-the-middle attack, and they posted a video of the attack. This is related to the attack on Bank of America's SiteKey by the boarding pass hacker and to the Harvard study on SiteKey that shows how easily users get phished.