When Phishing Attacks the Web Kaje fights back with Picture Passwords

(Ping! Zine Web Tech Magazine) – The recent breach of privacy on iCloud was due to thefts of text passwords. If iCloud offered Picture Passwords, this would not have happened.

Gary Bickford, VP at online privacy and security firm Bright Plaza, responded to news of the iCloud hack,”Using Kaje Picture Passwords®, you can be assured that the phisher who asks for your text password is, in fact, a phisher. He can’t give you your picture to ask for a login, let alone record your picture password actions. If you see the picture you uploaded, you can confidently draw a few lines on the picture, and login.”

So far nobody really knows how hackers stole the usernames and passwords that gave the thieves access to private pictures and data about Hollywood actresses, but it is almost certainly spear phishing – sending email with a counterfeit link. In spear phishing, the link can appear legit and urgent but once you log in, the thief knows a username and password that you use. Another type of
spear phishing is snooping a particular person on WiFi at a public event. If the legitimate sites had let people use Kaje Picture Passwords® to log in the phishers would not have succeeded. “Kaje®” is pronounced just like the English word “cagey” which means “shrewd, crafty, and tricky,” and to spear phishermen, it is.

Bright Plaza offers the Kaje Picture Password Service to every web site that wants to provide a phisher-proof picture password login to their customers, particularly high value target customers that may be more subject to password theft. Unlike text passwords, even a Wi-Fi attack doesn’t work because the picture password never leaves the browser. We even offer the service to iCloud, if they want it!

For websites, Kaje offers a reduction in risk in the potential cost of breaches, along with improved ease of use for their users. The picture also acts just like a Site Key picture to protect against the phisher man-in-the-middle attacks. To check it out go to http://ka.je, and click on “Try me,” or, click on “Videos” and watch the short YouTube videos.

About Bright Plaza:
Bright Plaza, Inc., established in 1982, has been at the forefront of many leading edge computing and internet technologies including machine vision, internet systems, and online security. Its principals have been awarded numerous patents, including self-encrypting hard drives and the technology underlying the Kaje service andProofs of Knowledge on the web.