A new study suggests that an image-based password system is more effective than a text-based one at protecting personal data online.
Researchers from the Center for Security Communication and Network Research (CSCAN) believe that the method, a new multi-level authentication system called GOTPass, not only provides a more secure way of entering passwords but is also an easier alternative for users who have trouble remembering text passwords.
“The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely,” said PhD student Hussain Alsaiari, the lead author of the study.
The GOTPass system requires a one-time setup from the user. The first step is to choose a unique username and then draw a pattern on a 4 x 4 grid, akin to the unlock scheme of smartphones. Once a pattern is chosen, the user is assigned four random themes, each of which has 30 images, and is prompted to choose one image from each theme.
To log in, the user enters the username and then draws the pattern lock. Afterwards, he is presented with a series of 16 images made up of his selected images (2), useful distracters (6) and random decoys (8).
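The setup and login panel described above can be sketched as follows. This is an added example, not code from the study or from GOTPass itself. The library of ten themes, the rule that distracters come from the user's own themes and decoys from the others, and the idea that the image stage is passed by picking both selected images are assumptions made for illustration.

```python
import random
from collections import Counter
from math import comb

IMAGES_PER_THEME = 30   # from the article
THEMES_PER_USER = 4     # from the article
PANEL_MIX = {"pass": 2, "distracter": 6, "decoy": 8}  # from the article: 16 images

def build_library(n_themes=10):
    """Constructed image library; the number of themes is an assumption."""
    return {f"theme{t}": [f"theme{t}/img{i:02d}" for i in range(IMAGES_PER_THEME)]
            for t in range(n_themes)}

def enroll(library, rng):
    """Assign four random themes and pick one image from each (user choice simulated)."""
    themes = rng.sample(sorted(library), THEMES_PER_USER)
    return {t: rng.choice(library[t]) for t in themes}

def build_panel(library, secret, rng):
    """Return a shuffled list of (image, role) pairs for one login attempt."""
    pass_imgs = rng.sample(sorted(secret.values()), PANEL_MIX["pass"])
    # Assumption: distracters come from the user's own themes, decoys from the rest.
    own = [i for t in secret for i in library[t] if i not in secret.values()]
    other = [i for t in library if t not in secret for i in library[t]]
    panel = ([(i, "pass") for i in pass_imgs]
             + [(i, "distracter") for i in rng.sample(own, PANEL_MIX["distracter"])]
             + [(i, "decoy") for i in rng.sample(other, PANEL_MIX["decoy"])])
    rng.shuffle(panel)
    return panel

def blind_guess_probability():
    """Chance of picking both selected images at random (image stage only)."""
    return 1 / comb(sum(PANEL_MIX.values()), PANEL_MIX["pass"])

if __name__ == "__main__":
    rng = random.Random(2015)  # fixed seed for a repeatable demo; a real system needs a CSPRNG
    lib = build_library()
    secret = enroll(lib, rng)
    panel = build_panel(lib, secret, rng)
    print(Counter(role for _, role in panel))
    print(f"blind guess on the image stage: 1 in {round(1 / blind_guess_probability())}")
```

The figure covers the image stage alone; the pattern drawn on the 4 x 4 grid is a separate factor that a guesser must also get right.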
The method may look complicated to use, but in reality it is even faster than typing a password. According to the research team, the system is proven to be easy to remember and also hack-proof.
The paper’s abstract notes that the team simulated three attacks involving password hacking methods: guessing, intersection and shoulder-surfing. The results were favorable: out of a total of 690 attempts, only 23 were successful, giving the system a 98 percent reliability rate.
“In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that,” said Dr Maria Papadaki, director of the PhD research study and a Lecturer in Network Security at Plymouth University.