Researchers at Plymouth University have devised a new password input method called GOTPass system, that they believe could improve security and could be effective in protecting personal online information from hackers.
GOTPass system combines patterns, imagery, and one-time passcode to create a system that it’s hoped would be both more secure and easier to remember than traditional passwords. It will also reduce the cost for banks or companies where they might need to implement hardware systems, and also more convenient for customers who might no longer need to bring around.
“In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability.” — said by Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study
How does GOTPass System Work?
To set up the GOTPass system, users would have to choose a unique username and draw any shape on a 4×4 unlock pattern, similar to that already used on mobile devices. They will then be assigned four random themes, being prompted to select one image from 30 in each.
When they subsequently log in to their account, the user would enter their username and draw the pattern lock, with the next screen containing a series of 16 images, among which are two of their selected images, six associated distractors and eight random decoys.
Correctly identifying the two images would lead to the generated eight-digit random code located on the top or left edges of the login panel which the user would then need to type in to gain access to their information.
It all sounds horribly complicated, but initial tests have shown the system to be easy to remember for users, while security analysis showed just eight of the 690 attempted hacking were genuinely successful, with a further 15 achieved through coincidence.
Researchers say the system would be applicable for online banking and other such services, where users with several accounts would struggle to carry around multiple devices, to gain access. And they are now planning further tests to test its efficacy and usability.
So what do you think about GOTPass system, do they provide a new layer of security without password? We’d love to hear from you in the comments!