When Phishing Attacks the Web Kaje Fights Back with Picture Passwords

Share Article

The recent breach of privacy on iCloud was due to thefts of text passwords. If iCloud offered Picture Passwords, this would not have happened.

Three actions on a picture replace an eight character text password

Pittsburgh Skyline with Kaje Picture Password

Research by NIST has shown that Picture Passwords are easier to remember and safer than text passwords.

So far nobody really knows how hackers stole the usernames and passwords that gave the thieves access to private pictures and data about targeted Hollywood actresses, but it is almost certainly spear phishing – sending email with a counterfeit link. In spear phishing, the link can appear remarkably legit and urgent but once you log in, the thief knows a username and password that you use. Another type of spear phishing is snooping a particular person on WiFi at a public event. If the legitimate sites let people use a Kaje Picture Passwords to log in the phishers would not have succeeded. “Kaje” is pronounced just like the English word “cagey” which means “shrewd, crafty, and tricky,” and to spear phishermen, it is.

Bright Plaza offers the Kaje Picture Service to every web site that wants to provide a phisher-proof picture password login to their customers, particularly high value target customers that may be more subject to password theft. Unlike text passwords, even a Wi-Fi attack doesn’t work because the picture password never leaves the browser. We even offer the service to iCloud, if they want it!

Gary Bickford, VP at Bright Plaza noted, "If you take the Kaje Picture Password option you can be assured that the phisher that asks for your text password is, in fact, a phisher. He can't give you your picture to ask for a login, let alone record your picture password actions. If you see the picture you uploaded, you can confidently draw a few lines on the picture, and login."

For websites, Kaje offers a reduction in risk in the potential cost of breaches, along with improved ease of use for their users. The picture also acts just like a Site Key picture to protect against the phisher man-in-the-middle attacks. To check it out, just go to http://ka.je, and click on “try me,” or, even simpler, click on “videos” and watch the short Youtube videos.

About Bright Plaza:
Bright Plaza, Inc., established in 1982, has been at the forefront of many leading edge computing and internet technologies including machine vision, internet systems, and online security. Its principals have been awarded numerous patents, including self-encrypting hard drives and the technology underlying the Kaje service and Proofs of Knowledge on the web. Kaje Picture Passwords on the Web provides a more secure, easier to use alternative to text passwords for website users and improves the security model for business websites. For more information, visit Kaje at http://ka.je/.

Bright Plaza Contact:
Monica Sprung

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Gary Bickford

Monica Sprung
Visit website