Hi,

I came across this website www.planmylifestyle.com which offers an innovative login system.

In the traditional login system, a user is asked to enter a username and password besides many other personal information.

In this website, to register the site creates an ID file that the user can download to the local hard drive.

After registration, to login to the website, the user has to simply upload the registered ID file (browser and select ID file from local hard drive) and click on the Login Button.

The user is then taken to the website which seems to be a search engine and submission service.

All entries made in this site are then tagged on the basis of this ID file.

Guru

well that would mean that I can login only from the computers which have that file downloaded...that is the biggest inconvenience that I see right now
and besides, why would such a login system be needed? I think that the traditional one, improved with an antispam (captcha) mechanism is good and secure enough...for now ..

Yeah it sounds good but this has so many security flaws that it's not even funny. If the users computer has already been cracked then the hacker just has to pay attention what that person does with that file, then have a field day with it.

Then assuming this is done by php and mysql other hackers just have to write the right code and then upload it with that file. But of course for that to happen, this code would have to be open source or the server this website is has bad security.

Again it is different however, as mentioned above it is a hassle and a inconvenience since that file would have to be computer specific in order to work.

I think now the site has switched over to the plain username/password scheme.

Very interesting idea but I agree with Saint Michael: way to many security issues. Good to see people are making an attempt and new things, though.

As nice as that sounds there are way too many things that are wrong from it. First of all, most people access secured systems from multiple computers which would mean you would have to store the file on all of them. Also, if you are using a public computer, you would have to remember to delete it before you leave that computer. Another issue is that one can learn how to decrypt these files and then make fake ones to access other users accounts. Finally, if a hacker was to get into the login code, they would be able to use these files to distribute malware and viruses since they gain access to your actual computer and not just the server. Overall, it could be a good idea but there are way to many security issues that would have to be addressed before any major system / company would use it.

but how if you lost your ID file or damaged in your computer I think that's not good ever

Atleast they tried something innovative. Such trial n error methords will surely lead to a groundbreaking new login system. But when you are plannin new systems you need to know the flaws of the previous system. And as far as I see it, there is hardly any problem with the current system!!

That's really cool and all, but it's pointless. For security reasons and because lets say you ruin your computer, you cant use the website anymore! I think thats annoying... Especially if its the type of website where you gain credits like Trap17 or you have a post count or whatever. It's never nice to have to start over with anything. Either way, I dont see a point of this besides being original and attracting visitors.

Thanks though.