Thursday, May 13, 2010

Interesting Facebook Authentication

I just logged into Facebook while in Brazil, and was presented with an interesting challenge-response. Apparently, FB is doing some kind of profiling as to where you login (or alternatively, where lots of fake logins are happening).

After answering a captcha, I was presented with a series of photos from my friends list, and had to answer multiple choice questions, getting at least 4/7 correct.

I thought this was a compelling idea. The photos would be relatively hard for attackers to find, and not too hard for the owner to identify (unless you're one of those people that friend everyone they meet).

1 comment:

toomim said...

Awesome! Sounds like an implementation of this research idea from 2003!

http://portal.acm.org/citation.cfm?id=642738

Pering, T., Sundar, M., Light, J. and Want, R. (2003). Photo-graphic Authentication through Untrusted Terminals. IEEEPervasive Computing, 2(1), 30-36.