Tuesday, June 28, 2011

Image based authentication

I found a very interesting paper about an authentication method that is very different from what is used today. The basic idea is to forget about passwords and instead select a set of images that will be presented to the user, together with a set of decoy images, when he wants to log in. The user logs in by selecting only the correct images.
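The select-your-images-among-decoys flow described above, as an added sketch that is not taken from the paper or from this post. The image IDs, the 5-of-25 grid and all function names are assumptions made for illustration; the post does not give the paper's actual parameters.

```python
import hmac
import math
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so the grid layout is unpredictable

def build_challenge(portfolio, decoy_pool, shown_real, grid_size):
    """Mix `shown_real` of the user's images with decoys into a shuffled grid.

    Returns (grid, expected); `expected` stands for server-side session
    state and is never sent to the client.
    """
    real = _rng.sample(sorted(portfolio), shown_real)
    candidates = sorted(set(decoy_pool) - set(portfolio))
    grid = real + _rng.sample(candidates, grid_size - shown_real)
    _rng.shuffle(grid)
    return grid, frozenset(real)

def verify(selected, expected):
    """Accept only an exact match: every real image picked and no decoy."""
    a = "\n".join(sorted(set(selected))).encode()
    b = "\n".join(sorted(expected)).encode()
    return hmac.compare_digest(a, b)

def guess_probability(grid_size, shown_real):
    """Chance that one blind pick of `shown_real` images is correct."""
    return 1 / math.comb(grid_size, shown_real)

def equivalent_bits(grid_size, shown_real):
    """Size of the guessing space in bits, for comparison with passwords."""
    return math.log2(math.comb(grid_size, shown_real))

if __name__ == "__main__":
    # Constructed sample data: 5 enrolled images, 40 possible decoys.
    portfolio = {f"user-img-{i}" for i in range(5)}
    decoys = {f"decoy-img-{i}" for i in range(40)}
    grid, expected = build_challenge(portfolio, decoys, 5, 25)
    print("grid:", grid)
    print("correct pick accepted:", verify(expected, expected))
    print("one decoy swapped in:", verify(list(expected)[1:] + ["decoy-img-0"], expected))
    print(f"blind guess: 1 in {math.comb(25, 5)} (~{equivalent_bits(25, 5):.1f} bits)")
```

With these assumed parameters a single grid gives a guessing space of roughly 15.7 bits, so a deployment would need attempt limiting or several rounds to resist online guessing.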

They claim that this system is more useful than traditional username-password mechanisms, as it is easier for a person to remember images rather than complicated text. They also claim that "password" recovery would be made easier via this method. It would have been nice to see some well-known services using such a system. However, to my knowledge, no such authentication methods are in use.

Furthermore, such a system would render password managers obsolete, as, from what I understood in the paper, it would be very hard to store the images used for login. And to prevent the same type of problems that exist in password-based systems, you would have to choose different images. Maybe for just one account this would be great, but for multiple user accounts it would be hard.

I would really like some opinions on such an authentication method. Please feel free to comment.

