CryptoPhoto literally blocks phishing. Potential victims cannot be tricked into revealing passwords - not by web sites, not by phone calls, and not in person.
CryptoPhoto neutralizes stolen passwords. Keyloggers and shoulder surfing are no longer useful threats to attackers or observers.
The CryptoPhoto API is easy to understand, easy to incorporate into your existing web site, and provides immediate and substantial security improvements.
Every token is unique, with random row and column codes (2 billion permutations) and a random grid of photos (drawn from a massive stock library of hand-selected, visually distinct, non-controversial, royalty-free images).
Codes are all cryptographically secure.
CryptoPhoto tokens are all password protected, and CryptoPhoto smartphone apps can also be independently password protected - stolen tokens or lost codes cannot be used by others.
No algorithms or seeds exist which can be used to infer or compute token security data.
CryptoPhoto adds genuine high-security 2-factor authentication to online services. Customers use their first "factor" (their username and password) via their browser, and their second factor (their physical token or smartphone app) verifies the customer to the site at the same time as it verifies the site to the customer.
CryptoPhoto includes the additional protection of two-way authentication as well as the whole range of security benefits shown above.
The CryptoPhoto smartphone apps all feature second-channel credential transport, protecting you against live and sophisticated phishing and man-in-the-middle attacks.
Want to know more? Please email or phone (Free call Australia) 1800 CRYPTO. We welcome all comments, questions, suggestions, or improvements.
For the first time, CryptoPhoto offers legitimate web sites a means to strongly "authenticate" with users during the login process. Sites do this by showing the user one image from their token. Impostor sites are unable to guess the images on users' tokens, so this blocks phishing. ("Blocks", as opposed to "mitigates", because the user needs the correct image to locate their row/col passcode: without the correct image, the user is blocked from accidentally logging into the wrong place, and is also alerted to the potential scam taking place.)
The row and column codes are different for subsequent logins, neutralizing keylogger problems as well.
Images from the token are chosen for display to the user such that the display order is random (true random, not any algorithm susceptible to theft, as in the recent RSA break-in), and images are not repeated. Upon exhaustion, the token can either be discarded/replaced or re-used, depending on the issuing party's or user's security preferences.
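A minimal model of the image challenge described above, added here as an illustration; it is not CryptoPhoto's code or API. The `Token` class, the 3x3 grid, the 3-digit codes and the hex image ids are all assumptions made for the example.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()  # OS randomness; no reproducible seed to steal


class Token:
    """Hypothetical photo-grid token; grid size and code format are assumptions."""

    def __init__(self, rows=3, cols=3):
        # Distinct 3-digit codes per row and per column (constructed values).
        self.row_codes = [f"{n:03d}" for n in _rng.sample(range(1000), rows)]
        self.col_codes = [f"{n:03d}" for n in _rng.sample(range(1000), cols)]
        # Opaque ids stand in for the photos printed on the token.
        ids = [secrets.token_hex(8) for _ in range(rows * cols)]
        self.cells = {img: divmod(i, cols) for i, img in enumerate(ids)}
        # Display order is drawn once and stored; each image is shown at most once.
        self.unused = list(self.cells)
        _rng.shuffle(self.unused)
        self.pending = None

    def next_challenge(self):
        """Image id the site displays at login, or None when the token is exhausted."""
        self.pending = self.unused.pop() if self.unused else None
        return self.pending

    def expected_code(self, image_id):
        """Row code plus column code of the cell holding this image."""
        row, col = self.cells[image_id]
        return self.row_codes[row] + self.col_codes[col]

    def verify(self, submitted):
        """Check the code typed for the pending image; one attempt per image."""
        if self.pending is None:
            return False
        image_id, self.pending = self.pending, None
        expected = self.expected_code(image_id)
        return hmac.compare_digest(submitted.encode(), expected.encode())


if __name__ == "__main__":
    token = Token()
    image = token.next_challenge()
    print("site shows", image, "-> user reads", token.expected_code(image))
    print("accepted:", token.verify(token.expected_code(image)))
```

A code captured at one login is useless at the next, because the next challenge uses a different image and therefore a different row/column pair; `next_challenge()` returning `None` is the exhaustion point where the issuer replaces or re-uses the token.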