Innovative Login System A new way to login to a website

Hi,I came across this website http://forums.xisto.com/no_longer_exists/ which offers an innovative login system.In the traditional login system, a user is asked to enter a username and password besides many other personal information.In this website, to register the site creates an ID file that the user can download to the local hard drive. After registration, to login to the website, the user has to simply upload the registered ID file (browser and select ID file from local hard drive) and click on the Login Button.The user is then taken to the website which seems to be a search engine and submission service.All entries made in this site are then tagged on the basis of this ID file.Guru

well that would mean that I can login only from the computers which have that file downloaded...that is the biggest inconvenience that I see right now :Pand besides, why would such a login system be needed? I think that the traditional one, improved with an antispam (captcha) mechanism is good and secure enough...for now ..

Yeah it sounds good but this has so many security flaws that it's not even funny. If the users computer has already been cracked then the hacker just has to pay attention what that person does with that file, then have a field day with it.Then assuming this is done by php and mysql other hackers just have to write the right code and then upload it with that file. But of course for that to happen, this code would have to be open source or the server this website is has bad security.Again it is different however, as mentioned above it is a hassle and a inconvenience since that file would have to be computer specific in order to work.

I think now the site has switched over to the plain username/password scheme.

Very interesting idea but I agree with Saint Michael: way to many security issues. Good to see people are making an attempt and new things, though.

As nice as that sounds there are way too many things that are wrong from it. First of all, most people access secured systems from multiple computers which would mean you would have to store the file on all of them. Also, if you are using a public computer, you would have to remember to delete it before you leave that computer. Another issue is that one can learn how to decrypt these files and then make fake ones to access other users accounts. Finally, if a hacker was to get into the login code, they would be able to use these files to distribute malware and viruses since they gain access to your actual computer and not just the server. Overall, it could be a good idea but there are way to many security issues that would have to be addressed before any major system / company would use it.

but how if you lost your ID file or damaged in your computer I think that's not good ever

Atleast they tried something innovative. Such trial n error methords will surely lead to a groundbreaking new login system. But when you are plannin new systems you need to know the flaws of the previous system. And as far as I see it, there is hardly any problem with the current system!!

That's really cool and all, but it's pointless. For security reasons and because lets say you ruin your computer, you cant use the website anymore! I think thats annoying... Especially if its the type of website where you gain credits like Xisto or you have a post count or whatever. It's never nice to have to start over with anything. Either way, I dont see a point of this besides being original and attracting visitors. Thanks though.

I found the idea and all of the members comments quite interesting, but even without all of the security flaws, It would still annoy me having to log in this way. Typing my username and password is MUCH easier to me than locate it on your hard drive click choose and upload it to the server. I just plain prefer typing. Also If you are so keen on skipping the login process, all one needs its a browser with an auto complete feature and next time they visit the website they are automatically logged in without having to do anything at all. I noticed that everybody complained about the security features about this, but failed to mention how rather than being a nice time-saving feature, it actually would take more time.

Resetting passwords with that thing would be interesting. Likewise changing other information. I guess this would get rid of account activiation e-mails. I guess instead of "Forgot Password?" it would be "Forgot File?" I wonder if that would put extra load on the server than traditional user login systems.

To be frank, it's a crap idea. This login system limits you to login on one PC, or having to register each time on a new computer. Some people are not allowed to download on their computers, whether that be because their banned to do that or their using someone elses computer. This will not catch on, it's a new idea, yes, but not a good one.

Yeah it sounds good but this has so many security flaws that it's not even funny. If the users computer has already been cracked then the hacker just has to pay attention what that person does with that file, then have a field day with it.
Then assuming this is done by php and mysql other hackers just have to write the right code and then upload it with that file. But of course for that to happen, this code would have to be open source or the server this website is has bad security.

Again it is different however, as mentioned above it is a hassle and a inconvenience since that file would have to be computer specific in order to work.

I think the best and the most safe way to make a "good" login system is a CMS system. But you can also try to see this site http://forums.xisto.com/no_longer_exists/

The site is a site for "computer people"

Not all websites use CMS software for login scripts, as some log in systems are very specific like the posted above, on top of that a CMS log in system is pretty limited to just that software, and so if you have a network of websites, wouldn't it be more prudent to have a universal login system instead of creating several logins under the same site? That is what yahoo, Microsoft, and I believe google are working on a universal network login system in which a user just has to login once and they will have access to all the services.

I dont like it mostly since i use school computers thated mean id have to download it to 10 computers that i use in school then the file gets erased evrey night from school. The program is ok but for me being high school wouldnt have time.