News: Transec, a tag library for secure input from web apps, released under GPL

  1. Micromata has released their secure input tag library Transec under the GPL. Transec protects data from spyware interception by presenting a virtual keyboard to capture input. The client side never actually contains the entire input field, only images and coordinates, which makes capture by spyware or other malicious software very difficult. Transec is meant for input of passwords or PIN numbers. A commercial license with support is also available, as is an online demo. Message was edited by: joeo@enigmastation.com

  2. A virtual keyboard

    Sounds like a nice concept but it's not a good customer experience. Using the virtual keyboard for every data entry you make ... too much. Also the keyboard refreshes on every character click. That's very, very slow and a bad customer experience. But it's a novel idea.
  3. demo isn't good enough

    I just checked their demo; from a UI user experience point of view, this sucks. Though the concept is innovative. If they can combine Ajax + image manipulation, it might work.
  4. Re: demo isn't good enough

    Not a good implementation yet. That's an old idea; internet bank sites here in Brazil have already used this for ~1 year.
  5. Re: demo isn't good enough

    User experience? For input of a 4-10 character PIN code or similar? I don't know, but the security solution I currently use through my bank sucks in the user experience department, but I don't give a rat's ass about that as long as it is secure. It's not like you're supposed to write a book using that. What I miss from the site is a thorough outline of the security threats which this solution addresses, and, more importantly, which it does not address.
  6. Very nice.

    This approach rocks! I've seen a similar JavaScript-based control for securely entering a PIN number, but in the end all it did was to write the PIN back to a standard input HTML element, which would then be submitted with the form.
  7. This provides better security than a username/password combination; it guards against keystroke loggers. However, it would be possible to snoop a password by using screen capture software. To deter any kind of snooping software you would need "one off" passwords. Secure ID cards, small digital cards you carry around with you, provide this mechanism by displaying a new code every few seconds. An SMS-based solution where the user enters their details in a logon form, then a PIN number is sent to their mobile phone which must be entered before they can continue. This provides both a good authentication system and a warning that access is being attempted.
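
The announcement at the top of this thread describes a client that holds only images and coordinates. The following Java example is added here to illustrate that idea and is not Transec's code; the class name, the 5x2 grid of 40-pixel cells and the reshuffle after every click are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Added illustration, not Transec code: the server owns the keypad layout and the typed value.
public class VirtualKeypadDemo {
    static final int COLS = 5, ROWS = 2, CELL = 40;             // assumed image geometry
    private final SecureRandom rng = new SecureRandom();
    private final StringBuilder entered = new StringBuilder();  // never sent to the browser
    private List<Character> layout;                              // digit per cell, row-major
    VirtualKeypadDemo() { reshuffle(); }

    // New random layout; a real server would render it to an image for the browser.
    private void reshuffle() {
        layout = new ArrayList<>(List.of('0', '1', '2', '3', '4', '5', '6', '7', '8', '9'));
        Collections.shuffle(layout, rng);
    }

    // Resolve one click: the browser submits pixel coordinates only.
    boolean click(int x, int y) {
        if (x < 0 || y < 0 || x >= COLS * CELL || y >= ROWS * CELL) return false;
        entered.append(layout.get((y / CELL) * COLS + x / CELL));
        reshuffle();                     // earlier coordinates now point at other digits
        return true;
    }

    // Demo helper: where a user looking at the current image would click for digit d.
    int[] centreOf(char d) {
        int i = layout.indexOf(d);
        return new int[] { (i % COLS) * CELL + CELL / 2, (i / COLS) * CELL + CELL / 2 };
    }

    boolean matches(String pin) {        // constant-time comparison
        return MessageDigest.isEqual(entered.toString().getBytes(StandardCharsets.UTF_8),
                                     pin.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String pin = "4711";                          // constructed sample PIN
        VirtualKeypadDemo user = new VirtualKeypadDemo();
        List<int[]> wire = new ArrayList<>();         // all a keylogger or sniffer observes
        for (char d : pin.toCharArray()) {
            int[] c = user.centreOf(d);
            wire.add(c); user.click(c[0], c[1]);
        }
        System.out.println("user accepted: " + user.matches(pin));
        VirtualKeypadDemo replay = new VirtualKeypadDemo();   // new session, new layouts
        for (int[] c : wire) replay.click(c[0], c[1]);
        System.out.println("replayed clicks accepted: " + replay.matches(pin));
    }
}
```

A recorder that captures each keypad image together with the click positions still recovers the PIN, which is the screen-capture limitation raised in the last comment.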