Vidoop was founded in 2006 in Tulsa, Oklahoma. As of March 2006 it had 4 employees and would initially reveal only that it was developing a novel login solution that hides an access code in plain sight. After over a year of secretive development and testing, the company launched its product, Vidoop Secure, at the Web 2.0 Expo in San Francisco, California on 2007-04-17. Luke Sontag, a co-founder, gave a presentation at the expo demonstrating the technology and further announced that an unnamed Fortune 500 company would be replacing its login system with Vidoop by July 2007.
Products
Vidoop's core technology is the Vidoop Dynamic Image Grid, a login tool that powers Vidoop Secure and thus . The company also sells advertising space, allowing a company to place its products as images in the grid. There are currently two multi-national advertisers: Smart USA and ConocoPhillips. One regional advertiser: Mazzio's. And one local advertiser: Jackie Cooper Imports.
Vidoop Secure
Vidoop Secure is a user login technology based on categorized images. When a user enrolls in a system implementing the technology, he chooses from several categories of images. Furthermore, the user's computer is "activated" with a cookie, which is only provided upon the user's confirmation of a code transmitted either by email or by phone via voice or text message. At the time of login, if the cookie is found, a grid of images is displayed that includes pictures belonging to the user's chosen categories. The user selects these images by typing the randomized letter associated with each of his images, forming his access code.
myVidoop.com
is an OpenID provider run by Vidoop and powered by Vidoop Secure. As an OpenID provider, myVidoop.com is part of the movement that aims to provide a decentralized framework for a web single sign-on.
Criticisms
Vidoop has met with criticism regarding the claims of their technology's resistance to hacking. For example, researchers at CommerceNet have described a possible attack, and also published a of a man-in-the-middle attack executed against myVidoop.com, both on the CommerceNet weblog. Additionally, questions have been raised about the accessibility of Vidoop Secure to those with visual impairments. Vidoop's authentication scheme essentially consists of a very short secret and a "pre-authorization" cookie. A users' shared secret is a set of 3–5 categories out of a possible 12, which is only 8–10 bits of entropy. Vidoop allows users to enter in their categories in at least two possible orders, reducing the effective secret by a bit. An attacker in possession of the pre-authorization cookie could guess 1-2% of passwords in the three given trials.