Vidoop looks to change image of sign-on

It’s a lesson that’s apparent to anyone who has ever raised a child, and likely anyone who remembers what it was like to be one — pictures are easier to remember than words.

Applied to the Internet, the concept can be used to help improve and simplify online authentication for end-users, while helping businesses bolster security and lower customer support costs, according to the minds behind Vidoop.

Launched in 2005 and set to bring its initial business products out of beta later this summer, Vidoop, based in Tulsa, Okla., is marketing a set of SSO (single-sign on) applications that use collections of randomized images to help users remember their passwords, and allow companies to add more complexity to their authentication systems.

Backed by a team of developers taken from Microsoft, the U.S. Navy, the National Institute of Standards & Technology (NIST), and a range of banking and healthcare firms, the company believes it can offer businesses a system that keeps customers happier and better protected when carrying out online transactions of almost any kind. It also offers a new type of authentication tool for remote workers.

By utilizing the system, in fact, the firm suggests it can eliminate the need for log-in passwords altogether.

“People remember visual imagery better than text, and the Number One source of calls to customer support centers are over lost passwords,” said Joel Norvell, co-founder and chief executive of Vidoop. “And people are continually compromising security by taping passwords to their machines or carrying them around on paper, but anyone can remember a simple set of image categories that are interesting to them, and that’s all you need to remember to use our system.”

To utilize Vidoop’s application, users sign up and select three picture categories from a range of different genres including cars, dogs, skyscrapers, computers, and the like.

Each time they attempt to log into a site or network supporting the tool, they are presented with a grid of twelve images, three of which represent the categories they have pre-selected.

In each image is a randomly generated, one-time access code in the form of a letter, and users simply enter the three letters corresponding to their images and are granted access to the site or IT system.

In addition, Vidoop requires that users register the devices from which they log-on via the application to further prevent the possibility of the system being compromised. The software currently works with PCs, but the company is already developing a version of the tool to be used with mobile devices.

Privately-held by a group of investors familiar with Norvell and his co-founder Luke Sontag, Vidoop’s president and a former identity management specialist at J.P. Morgan, the company is going to market under two business models.

Vidoop Secure, which will be aimed at financial services companies and other businesses — and also includes a version tailored to provide secure Web sign-on for Microsoft Exchange systems — will be launched later this summer.

Companies using the application will run the software on their own servers. Vidoop says it already has one Fortune 500 financial services customer and 40 regional banks piloting the program.

A second version, Myvidoop, is already available to consumers free of charge online and will work with any site that adopts the system or aligns with the OpenID Directory project, which includes more than 230 sites such as Digg.com and WordPress.

In another twist on its system, Vidoop is also selling the licensing rights for the images used in its system to companies looking to promote their products. By mousing over the images, users can learn more about the pictured items and even click through to the vendor’s Web site.

Companies using the system on their sites and the vendors hawking products in the images may also sign revenue-sharing agreements, Vidoop said. The system has an audit feature that allows users to monitor how their Vidoop accounts are being used to further prevent potential fraud.

“Our system is better than any traditional single sign-on because it requires human interaction to do it. Even if you had a keystroke logging program on your device, it can’t pick out the images and any access codes that get intercepted are useless in the future,” Norvell said. “We wanted to come up with something that had robust security but that was easy on the user, that could balance security with usability, and that’s what Vidoop does best.”