
Need a secure password? Use patterns and icons

In the never-ending battle for digital security, finding and remembering a good password seems to be the bane of our collective existences. After all, the most secure password is one that we can’t remember, and the most memorable ones are easily hacked. So what’s to be done? According to researchers at Plymouth University, we just need to start using patterns and images instead of letters and numbers. In a system known as GOTPass, users employ “images and a one-time numerical code” in order to secure important information. And if scientists are to be believed, this is a much safer alternative to currently available methods.

“Traditional passwords are undoubtedly very usable but regardless of how safe people might feel their information is, the password’s vulnerability is well known,” said study lead and PhD student Hussain Alsaiari. “There are alternative systems out there, but they are either very costly or have deployment constraints which mean they can be difficult to integrate with existing systems while maintaining user consensus.”

The setup is relatively simple — GOTPass asks users to draw a pattern atop a four-by-four grid (harkening back to Android’s pattern locks). Then, they choose an emoji-type icon from a grid of 30 such images. Once they’ve chosen four different emojis (from four different grids), they’ll have a brand new “password.”

The usage process, on the other hand, is a bit more complex. To log in, you’ll provide a username, then draw your pattern, then correctly identify two of the four emojis you previously chose from the 16 different possibilities displayed. Once you’ve proven that you are, in fact, the person you claim to be, you’ll be granted a one-time passcode. Sure, it seems like quite a bit of work, but when you’re looking to protect your identity, it’s an easy trade-off. And really, it probably takes no more time than a 2-factor authentication.
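The enrollment and login steps described above can be sketched as server-side logic. This is an added example, not GOTPass code or anything published by the researchers; the pattern encoding, the decoy selection, the six-digit code format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from math import comb

GRIDS, GRID_SIZE = 4, 30          # four enrolment grids of 30 icons (from the article)
PANEL_SIZE, SHOWN = 16, 2         # 16 icons shown at login, 2 of them enrolled

def _digest(salt, pattern):
    # Assumed encoding: the pattern is the ordered list of cells 0..15 it visits.
    return hashlib.pbkdf2_hmac("sha256", bytes(pattern), salt, 100_000)

def enroll(pattern, icons):
    """icons: four (grid, index) pairs, one from each grid."""
    if sorted(g for g, _ in icons) != list(range(GRIDS)):
        raise ValueError("choose exactly one icon from each grid")
    if not all(0 <= i < GRID_SIZE for _, i in icons):
        raise ValueError("icon index out of range")
    if not pattern or not all(0 <= c < 16 for c in pattern):
        raise ValueError("pattern cells must lie on the 4x4 grid")
    salt = secrets.token_bytes(16)
    # The icons cannot be hashed: the server needs them to build the login
    # panel, so they must be protected at rest by other means.
    return {"salt": salt, "pattern": _digest(salt, pattern), "icons": list(icons)}

def challenge(record):
    """Return (panel shown to the user, expected picks kept server-side)."""
    rng = secrets.SystemRandom()
    expected = rng.sample(record["icons"], SHOWN)
    pool = [(g, i) for g in range(GRIDS) for i in range(GRID_SIZE)
            if (g, i) not in record["icons"]]     # assumed: no third enrolled icon
    panel = expected + rng.sample(pool, PANEL_SIZE - SHOWN)
    rng.shuffle(panel)                            # position must not leak the answer
    return panel, frozenset(expected)

def verify(record, expected, pattern, picked):
    """Return a one-time code if both steps pass, else None."""
    valid_cells = all(0 <= c < 16 for c in pattern)
    candidate = _digest(record["salt"], pattern if valid_cells else [])
    pattern_ok = hmac.compare_digest(candidate, record["pattern"])
    icons_ok = len(picked) == SHOWN and frozenset(picked) == expected
    # Evaluate both checks before answering so a failure does not say which step was wrong.
    if pattern_ok and icons_ok and valid_cells:
        return f"{secrets.randbelow(10**6):06d}"  # assumed 6-digit code format
    return None

def blind_icon_guess_probability():
    # Chance that two random picks from the panel are the two enrolled icons.
    return 1 / comb(PANEL_SIZE, SHOWN)
```

On its own, the icon step gives a blind guesser a 1-in-120 chance per attempt, so the drawn pattern and attempt limiting carry most of the resistance to guessing.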

Impressively, in 690 initial tests of the GOTPass system, only 3.33 percent of attempted hacks proved successful. Says Alsaiari, “The GOTPass system is easy to use and implement, while at the same time offering users confidence that their information is being held securely.”

Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study, agreed, noting, “In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability.”

Lulu Chang
Former Digital Trends Contributor