Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
February 17, 2017

Get the IFSEC Global newsletter

The latest fire and security news


Access control in the Asia-Pacific 2017: Legacy infrastructure, innovation and the Internet of Things

Multi-factor authentication

Revolutionary authentication technology adds pictures to the humble password

A multi-factor authentication system where users can draw on pictures and style characters has been pioneered by researchers.

Called PassInfinity (or Pass∞) the technology also introduces facial, iris or fingerprint authentication alongside, or instead of, text-based systems.

PassInfinity, which was developed by researchers at the University of Surrey, will allow users to generate more complicated but nevertheless easy-to-recall passwords. And hackers will have to crack the format and composition of the password, rather than just characters or numbers used, and the order in which they appear.

If PassInfinity makes life harder for hackers, then it simplifies matters for users, because a much longer password can be generated from a shorter sequence of authentication actions. As well as entering conventional passwords, users can style characters and select, click points on, or draw something on a picture.

They can show their face in front of a webcam and even add their geo-location.


The new technology, which has been developed by Dr Shujun Li and PhD student Nouf Aljaffan from the university’s department of computer science, can be completely backward-compatible with existing computer systems. The researchers believe it will make it easier for organisations and service providers to implement and maintain user authentication systems, as well as enhancing both security and user experience.

PassInfinity also provides high modularity, so that minimal changes are needed to add or reconfigure existing authentication modules. This drastically simplifies transitions to new authentication systems and maintenance of existing systems.

“What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general.” Dr Shujun Li, University of Surrey

PassInfinity can be installed at the client side on users’ mobile phones or personal computers and developed as an advanced password manager and/or a web browser extension, allowing it to work with any remote servers.

Deployed at the server side, the server can provide more options to end users. They could, for example, decide what biometric authentication actions to choose and how to combine them.

“This is definitely among the biggest ideas and the most exciting research work I have been working on at the University of Surrey for over five years,” says Dr Shujun Li. “What makes the idea unique is the big contrast between the simplicity of the solution and how it solves many hard problems around passwords and user authentication in general.

“The new technology, which is in its final stages of development, will give both end users and organisations a simple and easy to use system that has great flexibility and agility to incorporate all known user authentication factors and many (if not all) known systems in a single framework and user interface.”

The University of Surrey has filed a patent application for PassInfinity and is seeking public feedback on the concept with the help of tech transfer specialists Crossword Cybersecurity plc. Find out how you can get involved.

The market research is funded by the Department for Culture, Media & Sport (DCMS) and Innovate UK through the SETsquared Partnership’s Cyber Security ICURe (Innovation to Commercialisation of University Research) Programme.

Visit Europe’s leading security event in June 2017 Visit IFSEC International for exclusive access to every security product on the market, live product demonstrations and networking with thousands of security professionals. From access control and video surveillance to smart buildings, cyber, border control and so much more. It is the perfect way to keep up to date, protect your business and enhance your career in the security industry. Click here to register your place now to join us at London Excel on 20 – 22 June 2017.

Leave a Reply

Be the First to Comment!

Notify of