Kaje™ Picture Passwords

Integration with the Kaje™ Picture Passwords authentication service.

Who should use this module
The Kaje™ Picture Passwords service serves as a proof of knowledge replacement for typed passwords or PINs. Picture passwords are more secure than typed passwords. A site using typed passwords can consider providing the option to mouse-in or touch-in their password instead.

About picuture passwords
Kaje™ Picture Passwords is an implementation of the U.S. National Institutes of Standards Picture Password recommendation for user logins (NISTIR 7030), with a special touch. This module integrates with the Kaje™ Picture Passwords authentication service, using their API.

The Kaje™ Picture Passwords service is a proof-of-knowledge replacement for typed passwords. Picture passwords are superior in every way to typed passwords. With only three actions (i.e. swipes or taps) you get the strength of eight typed alphanumeric-symbol characters.

When users change their pictures, their picture passwords are easier to remember than their typed passwords. This is a fact of human recognition memory.

Module classification: Easy, Intermediate, Advanced, Engineering
This module is classified intermediate. It requires installing the module, registering on the Kaje site and adding Requesting Party ID and Secret through the admin interface provided by the module.

Module status: Advanced Quality Badge
This module is awarded a Top Shelf Modules Advanced Quality Badge that denotes its code quality and adherence to Drupal best practices standards and meets our tough standards for a robust and reliable module that is well maintained.

Sponsorship
This module is sponsored by Kaje™ Picture Passwords.

Dependencies
This module is lightweight, self-contained and has no dependencies.

Road map
Additional features are planned but no release date has been set. Please request features in the issue queue for this project.

Video Tutorials
Kaje™ Picture Passwords - User Experience
Kaje™ Picture Passwords - Touch Navigation
Kaje™ Picture Passwords - Requesting Party Signup

About this module
This module integrates with the Kaje™ Picture Passwords authentication service, using their API. It adds to core's login form a button for visitors to mouse-in or touch-in their password instead of typing their password. The workflow with Kaje is as follows:

• To first create a Kaje account the user enters their Drupal username and password and presses "Log in with Kaje" button.
• Drupal authenticates and instigates the creation of a new account on Kaje that it links to the Drupal user name.
• Kaje pops up a modal box for the user to upload their picture and superimpose their password swipes and taps.
• They continue on to the site.
• For subsequent logins the user no longer types their password, but enters just their username and presses "Log in with Kaje" to swipe their password.

General points

• Users login via Kaje using their existing Drupal usernames. No need to sign up with Kaje separately for an account.
• Administrators can manage users' Kaje accounts directly from Drupal.
• The status of the Kaje service is automatically checked before offering Kaje as a login option.

While users do not need to sign up with Kaje, the website administrator does need to register a free Kaje account to obtain a Requesting Party Id and Secret and enter these on the module's configuration page. Once you've confirmed you have HTTPS rights on your site, you are good to go. The Kaje™ Picture Passwords service is free for the first 10,000 successful proofs of knowledge.