Images and codes could provide secure alternative to multiple device password systems

December 23, 2015

A system using images and a one-time numerical code could provide a secure and easy to use alternative to multi-factor methods dependent on hardware or software and one-time passwords, a study by Plymouth University suggests.

Researchers from the Centre for Security Communication and Network Research (CSCAN) believe their new multi-level authentication system GOTPass could be effective in protecting personal online information from hackers.

It could also be easier for users to remember, and be less expensive for providers to implement since it would not require the deployment of potentially costly hardware systems.

Writing in Information Security Journal: A Global Perspective, researchers say the system would be applicable for online banking and other such services, where users with several accounts would struggle to carry around multiple devices, to gain access.

They also publish the results of a series of security tests, demonstrating that out of 690 hacking attempts - using a range of guesswork and more targeted methods - there were just 23 successful break-ins.

PhD student Hussain Alsaiari, who led the study, said: "Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password's vulnerability is well known. There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus. The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely."

To set up the GOTPass system, users would have to choose a unique username and draw any shape on a 4x4 unlock pattern, similar to that already used on mobile devices. They will then be assigned four random themes, being prompted to select one image from 30 in each.

When they subsequently log in to their account, the user would enter their username and draw the pattern lock, with the next screen containing a series of 16 images, among which are two of their selected images, six associated distractors and eight random decoys.

Correctly identifying the two images would lead to the generated eight-digit random code located on the top or left edges of the login panel which the user would then need to type in to gain access to their information.

Initial tests have shown the system to be easy to remember for users, while security analysis showed just eight of the 690 attempted hackings were genuinely successful, with a further 15 achieved through coincidence.

Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study, said: "In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability."
-end-


University of Plymouth

Related Alternative Articles from Brightsurf:

An alternative to animal experiments
Researchers of the Technical University of Munich (TUM) have cultured so-called intestinal organoids from human intestinal tissue, which is a common byproduct when performing bowel surgery.

Survey: Alternative medicine is widespread among people with MS
A new survey of more than 1,000 people with multiple sclerosis finds that an overwhelming majority use complementary and alternative medicine, with many using cannabis.

Biodiversity offsetting is contentious -- here's an alternative
A new approach to compensate for the impact of development may be an effective alternative to biodiversity offsetting -- and help nations achieve international biodiversity targets.

Complementary and alternative therapies to treat colic
A review of the evidence on the use of complementary and alternative (CAM) therapies to treat babies with colic has shown some that some treatments -- including probiotics, fennel extract and spinal manipulation -- do appear to help, but that overall the evidence on the use of these therapies is limited so should be treated with caution.

One-third of cancer patients use complementary and alternative medicine
A stunning one-third of people with a cancer diagnosis use complementary and alternative medicines such as meditation, yoga, acupuncture, herbal medicine, and supplements.

A viable alternative to Medicare-for-all? We can and must do better!
Medicare-for-all, a solution that would bring United States healthcare policies more in line with other industrial nations, faces strong opposition and is unlikely to be enacted in the foreseeable future.

Green alternative to PET could be even greener
One of the most successful plastics is polyethylene terephthalate (PET), the material we use to make bottles and fibers for clothing.

The new green alternative for drug production
For the production of drugs, pesticides and smartphone displays, most of the processes are cost-intensive and generate a large amount of waste.

There is more going on in myotonic dystrophy type 1 than just alternative splicing
A novel mouse model shows that, although many of the characteristics of DM1 result from alternative splicing defects, in addition there are other mechanisms at play and therefore other potential targets to treat this disease.

Use of alternative medicines has doubled among kids, especially teens
Since 2003, the use of alternative medicines among children has doubled.

Read More: Alternative News and Alternative Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.