GOTPass drops passwords in favor of images and a one-time code
04 January, 2016
category: Corporate, Digital ID
A study from UK’s Plymouth University finds that combining images with a one-time numerical code is an easy way to beat hackers.
Researchers at the university’s Centre for Security Communication and Network Research created a system and wrote a paper about it: Secure Graphical One Time Password (GOTPass): An Empirical Study.
“GOTPass is a secure and easy to use multi-level authentication mechanism,” says Maria Papadaki, lecturer in network security at the university and director of the PhD research study. “The user is asked to enter a one-time code, which corresponds to graphical images that are known to the user and displayed among others in a matrix.”
To begin, GOTPass users decide on a unique username and draw a shape on a 4×4 grid that will become the unlock pattern. Then, they’re assigned four random themes and prompted to select an image from each one. During account login, the username is entered and the unlock pattern is drawn. The user then sees 16 images, only two of which were selected during enrollment. If the user chooses the correct two images, an eight-digit random code is generated and must be typed in for the user to gain access.
Papadaki says initial results from the prototype implementation are very encouraging. Out of 690 hacking attempts, just 23 were successful.
“GOTPass combines the usability of graphical authentication and the cost effectiveness of software based systems,” Papadaki says. “As such it could be a less expensive alternative to token based authentication, which is often used in online banking and associated with the use of costly hardware systems.”
The research team next plans to test the long-term effectiveness of the GOTPass system in an online banking environment.
