Home > Computing > Need a secure password? Use patterns and icons

Need a secure password? Use patterns and icons

In the never-ending battle for digital security, finding and remembering a good password seems to be the bane of our collective existences. After all, the most secure password is one that we can’t remember, and the most memorable ones are easily hacked. So what’s to be done? According to researchers at Plymouth University, we just need to start using patterns and images instead of letters and numbers. In a system known as GOTPass, users employ “images and a one-time numerical code” in order to secure important information. And if scientists are to be believed, this is a much safer alternative to currently available methods.

“Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password’s vulnerability is well known,” said study lead and PhD student Hussain Alsaiari. “There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus.”

The setup is relatively simple — GOTPass asks users to draw a pattern atop a four by four grid (hearkening to Android’s pattern locks). Then, they choose an emoji-type icon from a grid of 30 such images. Once they’ve chosen four different emojis (from four different grinds), they’ll have a brand new “password.”

RelatedWindows Hello is the miraculous password killer you’ve waited for

The usage process, on the other hand, is a bit more complex. To log in, you’ll provide a username, then draw your pattern, then correctly identify two of the four emojis you previously chose from the 16 different possibilities displayed. Once you’ve proven that you are, in fact, the person you claim to be, you’ll be granted a one-time passcode. Sure, it seems like quite a bit of work, but when you’re looking to protect your identity, it’s an easy trade-off. And really, it probably takes no more time than a 2-factor authentication.

Impressively, in 690 initial tests of the GOTPass system, only 3.33 percent of attempted hacks proved successful. Says Alsiari, “The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely.”

Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study, agreed, noting, “In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability.”