U.K. Researchers Develop Solution For Password Fatigue Using Graphic Images
As the Internet becomes a bigger part of our daily routine for doing just about everything, the task of managing your passwords can get cumbersome. Researchers at the University of Plymouth in Plymouth, U.K. think they may have found some relief for password fatigue, according to The Inquirer.
The solution is a combination of sequential images and a one-time numerical code.
GOTPass, also called Graphical One Time Password, debuted on Christmas Day in a blog from local media officer Alan Williams. The blog included statements from participants in the Ph.D. study at the university’s Centre for Security Communication and Network Research.
White Paper Sheds Light
Memorizing strong passwords often results in unreliable practices, according to a white paper on the study. Graphical authentication offers a solution since people’s memory for images is superior to that of text, thereby improving password security and usability.
GOTPass authenticates using a one-time number code that the user types in based on a sequence of confidential images and a pre-selected image format, the paper notes. The paper includes an analysis of the security evaluation and demonstrates GOTPass’s high resistance to common graphical password attacks.
In three simulated attacks (shoulder-surfing, guessing and intersection), nearly 98% of 690 attempts were unable to compromise the system.
GOTPass: Easy Set Up
To set up GOTPass, a user draws a pattern on a 4×4 grid similar to Android’s unlock scheme, according to Engadget.com. Once the user chooses a pattern, they select an image from grids of 30 random emoji-esque images. After picking from four grids, they receive their “password.”
The login process is fairly simple once the GOTPass is set up. The user enters a username, then draws the pattern lock. Next there are 16 images, of which two are from the four picked during setup, and 14 are decoys. The user selects the correct images and gets a one-time passcode to enter.
Hussain Alsaiari, a Ph.D. student, said traditional passwords are usable, but they are also vulnerable, no matter how safe the user feels their information is.
Alternative systems exist, Alsaiari said, but they are expensive or they have deployment constraints that make them hard to integrate into existing systems while maintaining user consensus.
The GOTPass system, by contrast, is easy to use and provides confidence the information is secure.
Dr. Maria Papadaki, a network security lecturer at the university who is directing the study, said online security needs to be hard to hack to be effective, and the study has shown that a combination of one-time passwords and graphics can provide this. The solution is also low cost compared to token-based, multi-factor systems that call for expensive hardware devices.
The team is planning more tests to determine the long-term effectiveness of GOTPass, along with more detailed usability aspects.