Stop passwords with letters and numbers, the future is images
It’s time to world away from text-based passwords and verification for mobile phones and start embracing more secure image-based solutions: this was stated by the computer scientists of the University of Surrey. In a new study, researchers from Surrey in England demonstrate an image-based authentication system called Tim (Transparent image moving) for mobile phones to reduce the risk of shoulder surfing attacks, a technique used to obtain information such as pin codes, passwords and other confidential data.
Tim requires users to select and move predefined images to a designated location to pass authentication checks, similar to those required for online shopping. The demonstration study found that 85% of users believe it can help prevent password guessing and shoulder surfing attacks.” The study also found that 71% of participants believe Tim is an image-based solution more usable than others on the market.
Per Rizwan Asghar, co-author of the paper for the University of Surrey, “We spend a large part of our lives on our cell phones and depend on them for activities such as banking, shopping and keeping in touch with our loved ones. However, it is surprising how little innovation and progress has been made to protect these activities and our most private information. We believe image-based, interactive authentication processes like Tim’s are a step in the right direction.” Shoulder surfing is an attack in which someone logs sensitive information, such as passwords or credit card numbers, entered by a victim on a computer or mobile device screen looking over the shoulder or from a distance Shoulder surfing attacks often occur in crowded public places such as airports, cafes or public transport.
“The current text-based status quo offers trade-offs between usability and security,” Asghar continues. “While short-text-based passwords are easy to remember, are not secure enough and leave you vulnerable to password guessing or shoulder surfing attacks.” Passwords based on long text are security winners but are incredibly difficult for users to remember. “It is promising that many of our participants found Tim usable and did not find the learning curve too steep. This suggests that the market may be ready for image-based alternatives for mobile device security.”
Subscribe to the newsletter