First, if you were to try to attack you described, by activating a computer and then successively reloading the grid to try to see which categories appeared every time, you would see the same set of categories on each reload. Every user has a “category bundle”, which is the full set of categories his grid shows each and every time it pops.

That does make sense, and I would be a bit more comfortable using that now. I just don’t see sites breaking away from the standard text-based passwords because of the initial confusion it would cause users.

Thanks for writing the piece. We appreciate your interest and the attention you’re giving Vidoop.

A quick response may be in order, though. First, if you were to try to attack you described, by activating a computer and then successively reloading the grid to try to see which categories appeared every time, you would see the same set of categories on each reload. Every user has a “category bundle”, which is the full set of categories his grid shows each and every time it pops.

As for getting your computer lost or stolen, that’s part of the effectiveness of a two-factor authentication system — even when one part is compromised, the other still stands in the way of the thief. Plus, you can sign into myVidoop and immediately deactivate the missing computer’s soft token.

Anyway, thanks so much for mentioning us. If you have any questions I’d be happy to answer them for you.

George