
The password can be replaced by pictures, researchers say

Researchers from the University of Plymouth are suggesting we ditch the traditional password and replace it with something much more fitting for 2016.

They’re suggesting a system they developed themselves, called GOTPass, or Graphical One Time Password. Its biggest advantage, aside from the obvious security, is that it’s not expensive and does not require extra installations.

"There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus,” said PhD student Hussain Alsaiari. “The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely."

To set up the GOTPass system, users would have to choose a unique username and draw any shape on a 4x4 unlock pattern, similar to that already used on mobile devices, the researchers explained. They will then be assigned four random themes and prompted to select one image from 30 in each.

"When they subsequently log in to their account, the user would enter their username and draw the pattern lock, with the next screen containing a series of 16 images, among which are two of their selected images, six associated distractors and eight random decoys.

Correctly identifying the two images would lead to the generated eight-digit random code located on the top or left edges of the login panel which the user would then need to type in to gain access to their information.

Initial tests have shown the system to be easy to remember for users, while security analysis showed just eight of the 690 attempted hackings were genuinely successful, with a further 15 achieved through coincidence."

"In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low-cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices," added Dr Maria Papadaki, a lecturer in network security at Plymouth University and director of the study.
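The image step of the login described above can be sketched as follows. This is an added example, not the researchers' code, and it leaves out the pattern lock and the eight-digit code. The library size of 10 themes, the rule that distractors come from the user's own themes, and the rule that decoys come from unassigned themes are assumptions made for illustration.

```python
import math
import secrets

LIBRARY_THEMES = 10      # assumed library size; the article only says four themes are assigned
IMAGES_PER_THEME = 30    # from the article
PASS_SHOWN, DISTRACTORS, DECOYS = 2, 6, 8   # from the article: 16 images per login

def enrol(rng):
    """Assign four random themes and pick one image in each (stand-in for the user's choice)."""
    themes = rng.sample(range(LIBRARY_THEMES), 4)
    return [(t, rng.randrange(IMAGES_PER_THEME)) for t in themes]

def build_challenge(pass_images, rng):
    """Return (panel, targets): a shuffled 16-image panel and the two images to identify."""
    own_themes = {t for t, _ in pass_images}
    targets = rng.sample(pass_images, PASS_SHOWN)
    # Assumption: "associated distractors" are other images from the user's own themes.
    same_theme = [(t, i) for t in own_themes for i in range(IMAGES_PER_THEME)
                  if (t, i) not in pass_images]
    # Assumption: decoys come from themes the user was never assigned.
    other = [(t, i) for t in range(LIBRARY_THEMES) if t not in own_themes
             for i in range(IMAGES_PER_THEME)]
    panel = targets + rng.sample(same_theme, DISTRACTORS) + rng.sample(other, DECOYS)
    rng.shuffle(panel)
    return panel, set(targets)

def verify(selection, targets):
    """Accept only when exactly the two displayed pass images are selected."""
    return set(selection) == targets

def blind_guess_probability():
    """Chance of picking both pass images from the panel with no knowledge."""
    return 1 / math.comb(PASS_SHOWN + DISTRACTORS + DECOYS, PASS_SHOWN)

if __name__ == "__main__":
    rng = secrets.SystemRandom()   # CSPRNG so the panel layout is not predictable
    pass_images = enrol(rng)
    panel, targets = build_challenge(pass_images, rng)
    for row in range(4):           # print the panel as a 4x4 grid of (theme, image) ids
        print(panel[4 * row: 4 * row + 4])
    print("blind guess on image step:", blind_guess_probability())
```

With 16 images and two targets, the image step alone admits 120 possible pairs, so its guess resistance rests on being combined with the pattern lock and the one-time code.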

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.