GOTPass Seeks to Replace Passwords with Images and Patterns | Tripwire

GOTPass Seeks to Replace Passwords with Images and Patterns

Posted on December 28, 2015
FTC Says Identity Theft Victims Don't Always Need a Police Report
A new system called GOTPass could offer a alternative to multi-factor authentication by replacing passwords with images and patterns. Endgadget reports that the system, which was developed by researchers at the University of Plymouth, requires a two-step one-time setup. First, users are asked to draw a pattern on a 4x4 grid, a method of authentication which mimics Android's screen unlock procedure. Second, they are asked to choose one image each from four grids of 30 different emoji. Upon completion of that step, users would have successfully created their own pattern- and image-based "password". The actual login process in a way resembles that of multi-factor authentication without the use of a mobile device. As explained on Digital Trends, after entering in their username, users are asked to draw their patterns on a 4x4 grid and choose two of their pre-selected images from a grid of 16 different emoji. If they authenticate themselves correctly, they will be sent a one-time passcode which they can use to finalize the login.
security133.jpg
 Source: TechRadar PhD student Hussain Alsaiari, who led the study, believes that GOTPass could fulfill a vital need in security--the persistent insecurity of character-based passwords.
"Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password's vulnerability is well known," explains Alsaiari in a press release on EurekAlert! "There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus. The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely."
To test this claim, Alsaiari and his colleagues launched 690 hacking attempts against the system during testing. Only 23 (approximately 3%) of those tries were successful, a majority of which (15 attempts--65 percent) were coincidental only. GOTPass could indeed be the future of secure logins. While researchers continue to refine this system and others like it, users are urged to follow these best practices when it comes to password security. It is also recommended that users take advantage of a password manager for added protection and convenience.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!