Fun security features
Part of the login process for Moneygram.com involves the display of an image you’ve preselected when creating your account, to help confirm that you’re really where you think you are and not some fake site trying to steal your money. This is a cool idea that seems to be used by lots of financial websites, but it always seemed flawed to me because you’re given a very limited image set. It seems like it couldn’t be that hard for a malicious person to eventually acquire a big enough subset of images to randomly display and get a few correct hits.
What Moneygram does differently (from what I’ve seen; have you seen other sites do this?) is allow you to add your own personal phrase to the image. I think this is great, especially because the phrase I chose, paired with my image, makes me laugh every time I see it, and I know it’s definitely the right site. It’s this kind of personalization that seems to be severely lacking in a lot of security “confirmation” techniques. Honestly, it wouldn’t take a genius to figure out where I went to elementary school, or the ever-popular mother’s maiden name.
The key here is that you’re recognizing a specific thing, as opposed to having to recall it, which is much more difficult. People hate passwords mainly because it isn’t easy to remember a bunch of different, complicated code words/phrases. But it’s really easy to recognize something unique, especially if you created it. It seems like this could somehow be a viable alternative to passwords. I’m not going to try and propose an actual solution here, but if we could make authentication more about recognition (and fun) and less about memorization and bland alphanumeric strings, our online interactions might be made a lot more secure.