News: Transec, a tag library for secure input from web apps, released under GPL
Micromata has released their secure input tag library Transec under the GPL. Transec protects data from spyware interception by presenting a virtual keyboard to capture input. The client side never actually contains the entire input field, only images and coordinates, which makes capture by spyware or other malicious software very difficult. Transec is meant for input of passwords or PIN numbers. A commercial license with support is also available, as is an online demo.
- Posted by: Thomas Landgraf
- Posted on: November 10 2006 11:15 EST
- A virtual keyboard by shawn spencer on November 10 2006 13:56 EST
- Very nice. by Ioannis Cherouvim on November 10 2006 15:55 EST
- Re: Transec, a tag library for secure input from web apps, relea by Ian Purton on November 15 2006 09:02 EST
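The "only images and coordinates" design described in the announcement can be sketched as follows. This is an added example, not Transec's code or API and not part of the original post: the class and function names, the 2x5 cell geometry and the re-shuffle after every click are all assumptions made for illustration.

```python
import secrets

COLS, CELL = 5, 40            # constructed geometry: 2 rows x 5 columns of 40px cells
_rng = secrets.SystemRandom()


class VirtualKeypad:
    """Server-side state for one PIN entry (hypothetical class, not Transec's API)."""

    def __init__(self):
        self._entered = []
        self._shuffle()

    def _shuffle(self):
        # New random digit placement; only an image of it would go to the browser.
        self._layout = list("0123456789")
        _rng.shuffle(self._layout)

    def key_at(self, x, y):
        """Return the digit drawn at pixel (x, y), or None for a click off the pad."""
        col, row = x // CELL, y // CELL
        if not (0 <= col < COLS and 0 <= row < len(self._layout) // COLS):
            return None
        return self._layout[row * COLS + col]

    def click(self, x, y):
        """Record one click; re-shuffle so the same coordinate means a new digit."""
        digit = self.key_at(x, y)
        if digit is None:
            return False
        self._entered.append(digit)
        self._shuffle()
        return True

    def value(self):
        return "".join(self._entered)


def user_clicks(pad, pin):
    """Simulate a user reading the image: returns the coordinates the browser sends."""
    sent = []
    for digit in pin:
        idx = pad._layout.index(digit)          # stands in for looking at the image
        x, y = (idx % COLS) * CELL + 7, (idx // COLS) * CELL + 7
        pad.click(x, y)
        sent.append((x, y))
    return sent


def replay(coords):
    """Feed previously captured coordinates to a fresh session; return what it decodes."""
    pad = VirtualKeypad()
    for x, y in coords:
        pad.click(x, y)
    return pad.value()
```

The digit is recoverable only from the layout and the coordinate together, so coordinates alone are useless to a keystroke or form logger, while anything that also sees the rendered image is not stopped by this scheme.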
Sounds like a nice concept but it's not a good customer experience. Using the virtual keyboard for every data entry you make ... too much. Also the keyboard refreshes on every character click. That's very very slow and bad customer experience. But it's a novel idea.
I just checked their demo; from a UI user experience point of view, this sucks. Though the concept is innovative. If they can combine Ajax + image manipulation, they might work.
Not a good implementation yet. That's an old idea; internet bank sites here in Brazil have used this already for ~1 year.
User experience? For input of a 4-10 character pin-code or similar? I don't know, but the security solution I currently use through my bank sucks in the user experience department, but I don't give a rat's ass about that as long as it is secure. It's not like you're supposed to write a book using that. What I miss from the site is a thorough outline of the security threats which this solution addresses, and, more importantly, which it does not address.
This provides better security than a username/password combination; it guards against keystroke loggers. However it would be possible to snoop a password by using screen capture software. To deter against any kind of snooping software you would need "one off" passwords. Secure id cards, small digital cards you carry around with you, provide this mechanism by displaying a new code every few seconds. An SMS-based solution where the user enters their details in a logon form, then a pin number is sent to their mobile phone which must be entered before they can continue. This provides both a good authentication system and a warning that access is being attempted.