A system using images and a one-time numerical code can provide a secure and easy to use alternative to multiple device password systems like are used in online banking, researchers say.
It can also be easier for users to remember and be less expensive for providers to implement since it would not require the deployment of potentially costly hardware systems,” said the team from Plymouth University in Britain.
The “GOTPass” system will be applicable for online banking and other such services where users with several accounts would struggle to carry around multiple devices to gain access.
They also publish the results of a series of security tests, demonstrating that out of 690 hacking attempts – using a range of guesswork and more targeted methods – there were just 23 successful break-ins.
Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password’s vulnerability is well known.
“The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely,” said PhD student Hussain Alsaiari.
To set up the GOTPass system, users would have to choose a unique username and draw any shape on a 4×4 unlock pattern, similar to that already used on mobile devices.
They will then be assigned four random themes, being prompted to select one image from 30 in each.
When they subsequently log in to their account, the user would enter their username and draw the pattern lock, with the next screen containing a series of 16 images, among which are two of their selected images — six associated distractors and eight random decoys.
Correctly identifying the two images would lead to the generated eight-digit random code located on the top or left edges of the login panel which the user would then need to type in to gain access to their information.
Initial tests have shown the system to be easy to remember for users, while security analysis showed just eight of the 690 attempted hackings were genuinely successful, with a further 15 achieved through coincidence.
“We are now planning further tests to assess the long-term effectiveness of the GOTPass system and more detailed aspects of usability,” added Dr Maria Papadaki from Plymouth University in a paper appeared in the Information Security Journal: A Global Perspective.