Are pictures more secure than passwords?

Plymouth University's secure method could replace multi-factor authentication and one-time passwords

Researchers at Plymouth University have developed a numerical-based security system that could replace traditional passwords and multi-factor authentication.

GOTPass, developed by the Centre for Security Communication and Network Research (CSCAN), is a one-time numerical code that doesn't depend on hardware or software to work.

It can prevent hackers from accessing confidential information, while also making it easier for users to remember and cheaper for providers to implement in comparison to developing their own multi-layered security solutions.

The solution would be particularly useful for users who have multiple accounts with the same provider or use different devices to access their accounts.

To set up a GOTPass account, users need to create a user name and draw a pattern in a 4x4 grid, similar to using an unlock pattern on a smartphone. They must then choose one image from each of four different themes presented to them.

When they log in to a website using the GOTPass system, they will be asked to enter their unique pattern and choose two images from those presented that correlate with step two of the account setup.

When carried out successfully, they will be given an eight-digit, randomly generated code that they must enter into the login screen when directed.

"In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that," said Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study.

"This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability."

The researchers published the results of trials in the Information Security Journal: A Global Perspective, revealing that the new solution stopped 97 per cent of hacks getting through, out of 690 attempts, showing it is a highly effective method for preventing attacks.

"Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password's vulnerability is well known," said PhD student Hussain Alsaiari, who led the research.

"There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus."

Alsaiari added: "The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely."
