A multi-factor authentication system where users can draw on pictures and style characters has been pioneered by researchers.
Called PassInfinity (or Pass∞) the technology also introduces facial, iris or fingerprint authentication alongside, or instead of, text-based systems.
PassInfinity, which was developed by researchers at the University of Surrey, will allow users to generate more complicated but nevertheless easy-to-recall passwords. And hackers will have to crack the format and composition of the password, rather than just characters or numbers used, and the order in which they appear.
If PassInfinity makes life harder for hackers, then it simplifies matters for users, because a much longer password can be generated from a shorter sequence of authentication actions. As well as entering conventional passwords, users can style characters and select, click points on, or draw something on a picture.
They can show their face in front of a webcam and even add their geo-location.
Backward-compatible
The new technology, which has been developed by Dr Shujun Li and PhD student Nouf Aljaffan from the university’s department of computer science, can be completely backward-compatible with existing computer systems. The researchers believe it will make it easier for organisations and service providers to implement and maintain user authentication systems, as well as enhancing both security and user experience.
PassInfinity also provides high modularity, so that minimal changes are needed to add or reconfigure existing authentication modules. This drastically simplifies transitions to new authentication systems and maintenance of existing systems.
“What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general.” Dr Shujun Li, University of Surrey
PassInfinity can be installed at the client side on users’ mobile phones or personal computers and developed as an advanced password manager and/or a web browser extension, allowing it to work with any remote servers.
Deployed at the server side, the server can provide more options to end users. They could, for example, decide what biometric authentication actions to choose and how to combine them.
“This is definitely among the biggest ideas and the most exciting research work I have been working on at the University of Surrey for over five years,” says Dr Shujun Li. “What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general.
“The new technology, which is in its final stages of development, will give both end users and organisations a simple and easy to use system that has great flexibility and agility to incorporate all known user authentication factors and many (if not all) known systems in a single framework and user interface.”
The University of Surrey has filed a patent application for PassInfinity and is seeking public feedback on the concept with the help of tech transfer specialists Crossword Cybersecurity plc. Find out how you can get involved.
The market research is funded by the Department for Culture, Media & Sport (DCMS) and Innovate UK through the SETsquared Partnership’s Cyber Security ICURe (Innovation to Commercialisation of University Research) Programme.
Listen to the IFSEC Insider podcast!
Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.
Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.
