Multi-factor authentication

Revolutionary authentication technology adds pictures to the humble password

A multi-factor authentication system where users can draw on pictures and style characters has been pioneered by researchers.

Called PassInfinity (or Pass∞) the technology also introduces facial, iris or fingerprint authentication alongside, or instead of, text-based systems.

PassInfinity, which was developed by researchers at the University of Surrey, will allow users to generate more complicated but nevertheless easy-to-recall passwords. And hackers will have to crack the format and composition of the password, rather than just characters or numbers used, and the order in which they appear.

If PassInfinity makes life harder for hackers, then it simplifies matters for users, because a much longer password can be generated from a shorter sequence of authentication actions. As well as entering conventional passwords, users can style characters and select, click points on, or draw something on a picture.

They can show their face in front of a webcam and even add their geo-location.

Backward-compatible

The new technology, which has been developed by Dr Shujun Li and PhD student Nouf Aljaffan from the university’s department of computer science, can be completely backward-compatible with existing computer systems. The researchers believe it will make it easier for organisations and service providers to implement and maintain user authentication systems, as well as enhancing both security and user experience.

PassInfinity also provides high modularity, so that minimal changes are needed to add or reconfigure existing authentication modules. This drastically simplifies transitions to new authentication systems and maintenance of existing systems.

“What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general.” Dr Shujun Li, University of Surrey

PassInfinity can be installed at the client side on users’ mobile phones or personal computers and developed as an advanced password manager and/or a web browser extension, allowing it to work with any remote servers.

Deployed at the server side, the server can provide more options to end users. They could, for example, decide what biometric authentication actions to choose and how to combine them.

“This is definitely among the biggest ideas and the most exciting research work I have been working on at the University of Surrey for over five years,” says Dr Shujun Li. “What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general.

“The new technology, which is in its final stages of development, will give both end users and organisations a simple and easy to use system that has great flexibility and agility to incorporate all known user authentication factors and many (if not all) known systems in a single framework and user interface.”

The University of Surrey has filed a patent application for PassInfinity and is seeking public feedback on the concept with the help of tech transfer specialists Crossword Cybersecurity plc. Find out how you can get involved.

The market research is funded by the Department for Culture, Media & Sport (DCMS) and Innovate UK through the SETsquared Partnership’s Cyber Security ICURe (Innovation to Commercialisation of University Research) Programme.

   

Visit Europe’s leading security event in June 2017 

Visit IFSEC International for exclusive access to every security product on the market, live product demonstrations and networking with thousands of security professionals. From access control and video surveillance to smart buildings, cyber, border control and so much more. It is the perfect way to keep up to date, protect your business and enhance your career in the security industry.  

Click here
to register your place now to join us at London Excel on 20 – 22 June 2017.
0 comments
Adam Bannister

Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is the Editor in Chief for IFSECGlobal.com. A former managing editor at Dynamis Online Media Group, his experience in B2B journalism spans eight years and includes writing, subediting, and interviewing. Adam, who also has experience writing PR, creating surveys, and producing whitepapers, is determined to grow IFSEC Global's community and strengthen its position as the premier resource for the security and fire-prevention industries. Hailing from Birmingham (ranked in The New York Times's Places to Visit 2012 no less!), he is an Aston Villa supporter and regularly plays five-a-side football.
February 17, 2017

Get the IFSEC Global newsletter

The latest security and fire news

Download

Aesthetically pleasing, crash-tested street furniture: why functional will no longer do

Topics: