Are pictures more secure than passwords?

Plymouth University's secure method could replace multi-factor authentication and one-time passwords

Researchers at Plymouth University have developed a numerical-based security system that could replace traditional passwords and multi-factor authentication.

GOTPass, developed by the Centre for Security Communication and Network Research (CSCAN). is a one-time numerical code that doesn't depend on hardware or software to work.

It can prevent hackers from accessing confidential information, while also making it easier for users to remember and cheaper for providers to implement in comparison to developing their own multi-layered security solutions.

Advertisement - Article continues below

The solution would come in particularly useful for users who have multiple accounts with the same provider or use different devices to access their accounts.

To set up a GOTPass account, users need to create a user name and draw a pattern in a 4x4 grid, similar to using an unlock pattern on a smartphone. They must then choose one image from each of four different themes presented to them.

When they log in to a website using the GOTPass system, they will be asked to enter their unique pattern and choose two images from those presented that correlate with step two of the account setup.

When carried out successfully, they will be given an eight-digit, randomly generated code that they must enter into the login screen when directed.

Advertisement
Advertisement - Article continues below

"In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that," said Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study.

Advertisement - Article continues below

"This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability."

The researchers published the results of trials in the Information Security Journal: A Global Perspective, revealing that the new solution stopped 97 per cent of hacks getting through, out of 690 attempts, showing it is a highly effective method for preventing attacks.

"Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password's vulnerability is well known," said PhD student Hussain Alsaiari, who led the research.

"There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus."

Alsaiari added: "The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/technology/artificial-intelligence-ai/355716/what-is-tiny-ai
artificial intelligence (AI)

What is Tiny AI?

20 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020