Pictures and patterns replace PINs and passwords for authentication
Alternatives to password overload rely on visual technologies
08 December, 2010
No doubt about it … passwords are a pain. But as the market becomes saturated with high-tech authentication methods and technologies, some are finding a niche modernizing simple ideas to heighten both security and ease of use.
Case in point: GrIDsure and Confident Technologies. Both companies focus on securing authentication to services using visual techniques such as pictures and patterns. These image-based technologies work across platforms and devices, providing a simple, memorable replacement for passwords and PINs.
GrIDsure grew out of an initial question: “Is it possible to create a new pin number and ergo a new pass code every time you do something?” explains Stephen Howes, the company’s director and CEO.
Instead of a typical alphanumeric password, the user chooses a Personal Identification Pattern (PIP) on a five-by-five grid. Rather than memorizing a series of letters and numbers, the user commits the selected pattern to memory.
When a PIN is required for authentication, a five-by-five grid with a number in each square is presented. The user enters the numbers that correspond to their pattern or PIP. The backend solution verifies that the entered string matches the user’s PIP to confirm or deny access to the service or transaction.
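The challenge-response flow described above, sketched in Python as an added example (it is not GrIDsure's code). The four-cell pattern length, uniformly chosen digits, reuse of cells, and all function names are assumptions; the last function counts how many patterns remain consistent with a single observed grid and code.

```python
import hmac
import secrets

GRID_SIZE = 5      # five-by-five grid, as described in the article
PATTERN_LEN = 4    # assumption: the article does not state a pattern length

def new_challenge_grid():
    """Return 25 random digits (row-major); a fresh grid is issued per login."""
    return [secrets.randbelow(10) for _ in range(GRID_SIZE * GRID_SIZE)]

def expected_code(grid, pattern):
    """Digits in the pattern's cells, read in the order the user chose them."""
    return "".join(str(grid[r * GRID_SIZE + c]) for r, c in pattern)

def verify(grid, pattern, entered):
    """Server-side check with a constant-time comparison of the digit strings."""
    if len(entered) != len(pattern) or not entered.isascii():
        return False
    return hmac.compare_digest(expected_code(grid, pattern), entered)

def consistent_patterns(grid, code):
    """Number of cell sequences that would produce `code` on this grid.

    Ten digits share 25 cells, so each digit sits in several cells and one
    observed (grid, code) pair narrows the pattern to this many candidates.
    """
    total = 1
    for digit in code:
        total *= grid.count(int(digit))
    return total

# Constructed sample data: an L-shaped pattern and a fixed grid for repeatability.
SAMPLE_PATTERN = [(0, 0), (1, 0), (2, 0), (2, 1)]
SAMPLE_GRID = [
    7, 2, 9, 4, 1,
    3, 8, 0, 5, 6,
    5, 1, 7, 2, 9,
    0, 6, 3, 8, 4,
    2, 9, 4, 7, 1,
]

if __name__ == "__main__":
    code = expected_code(SAMPLE_GRID, SAMPLE_PATTERN)
    print("code for this login:", code)
    print("correct entry accepted:", verify(SAMPLE_GRID, SAMPLE_PATTERN, code))
    print("patterns matching one observation:", consistent_patterns(SAMPLE_GRID, code))
    print("total possible patterns:", (GRID_SIZE * GRID_SIZE) ** PATTERN_LEN)
```

Because the entered code is still a short digit string, a deployment of this kind needs the same attempt limiting and single-use challenges that a PIN check does.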
The concept is based on the idea that patterns and icons can be more recognizable and therefore memorable than numbers and passwords.
Angela Sasse, a professor at the University College of London, ran a user trial to determine how well people could remember patterns. “From the 50 users tested over a twelve-week period, 93%-94% were able to remember and implement their chosen GrIDsure pattern,” says Howes.
In the study, some participants explained that they do not distinctly remember the numbers of their PIN, but rather the movements of their hands across the keypad, he explains.
In other studies the GrIDsure pattern has proven to be more secure than traditional passwords or PINs. A study by Richard Weber, director of the Statistical Laboratory at Cambridge University, found it to be 100 times safer than a traditional PIN with 0-9 numerals, says Howes.
In addition, the numbers are all placed randomly on the grid, making it harder for someone looking over the user’s shoulder to work out the pattern. “The possibility of someone to shoulder-surf you is low and would have to occur tens of thousands of times in order for them to be able to decipher your pattern as opposed to a typical PIN,” says GrIDsure Chairman Jonathan Craymer.
GrIDsure has seen interest in its technology primarily from large corporations, government entities and financial institutions. The biggest interest has come from e-commerce retailers that have found the use of mandatory usernames and passwords to be a double-edged sword that keeps customers safe but deters them from online purchases.
Image-based solutions
Confident Technologies offers image-based security to distinguish humans from automated bots and is now extending this concept to individual authentication. Where GrIDsure relies on the memorization of a pattern, Confident’s ImageShield solution asks individuals to select image categories.
Sarah Needham, manager of marketing and public relations for the company, explains that the user is prompted to pick a category of pictures (for example dogs, cats, boats, food) during registration. With subsequent authentications they are presented with a grid of pictures, each overlaid with a number or letter. The user selects the pictures from their chosen categories and enters the corresponding numbers or letters. This forms the one-time password for that session.
Much like GrIDsure, the idea is based on the fact that the human brain has an easier time recognizing pictures and events than a random combination of characters.
The idea was initially acquired from Vidoop LLC and the intellectual property was further developed to make it more secure and commercially accessible to all, says Needham.
Needham explains that the average person has more than 20 online accounts, forcing them to remember security credentials for each. To lessen the strain of remembering all of these passwords, many choose easy ones that can be hacked or they use the same one for multiple sites.
“From various scientific studies we saw that the 5,000 most common passwords are used by 20% of the population,” says Needham.
In the future, Needham envisions that ImageShield will create widespread security with improved user experience and present a new platform for marketing and advertising by altering the pictures displayed to users to present products and services.
“The current method of alphanumeric passwords is antiquated and inherently flawed,” concludes Needham. “People simply cannot remember different, strong passwords for every online account they have.”
Perhaps companies like GrIDsure and Confident Technologies are on to something, encouraging users to leave their Kindergarten lessons of “ABCs and 123s” behind in favor of earlier picture books and visual learning techniques.