
Are pictures more secure than passwords?

Plymouth University's secure method could replace multi-factor authentication and one-time passwords


Researchers at Plymouth University have developed a numerical-based security system that could replace traditional passwords and multi-factor authentication.

GOTPass, developed by the Centre for Security Communication and Network Research (CSCAN), is a one-time numerical code that doesn't depend on hardware or software to work.

It can prevent hackers from accessing confidential information, while also making it easier for users to remember and cheaper for providers to implement in comparison to developing their own multi-layered security solutions.

The solution would come in particularly useful for users who have multiple accounts with the same provider or use different devices to access their accounts.

To set up a GOTPass account, users need to create a user name and draw a pattern in a 4x4 grid, similar to using an unlock pattern on a smartphone. They must then choose one image from each of four different themes presented to them.

When they log in to a website using the GOTPass system, they will be asked to enter their unique pattern and choose two images, from those presented, that correlate with the images they picked in step two of the account setup.

When carried out successfully, they will be given an eight-digit, randomly generated code that they must enter into the login screen when directed.

"In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that," said Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study.

"This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability."

The researchers published the results of trials in the Information Security Journal: A Global Perspective. Out of 690 hacking attempts, the new solution stopped 97 per cent from getting through, showing it is a highly effective method for preventing attacks.

"Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password's vulnerability is well known," said PhD student Hussain Alsaiari, who led the research.

"There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus."

Alsaiari added: "The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely."
