Time.news – It’s time for the world to move away from text-based passwords and mobile phone verification and start embracing more secure image-based solutions, say computer scientists at the University of Surrey.
In a new study, British researchers have demonstrated an image-based authentication system called Tim (Transparent image moving) for mobile phones to reduce the risk of shoulder surfing attacks.
Tim requires users to select and move predefined images to a designated location to pass authentication checks, similar to those required for online shopping. The demonstration study found that 85% of users believe it can help prevent password guessing and shoulder surfing attacks“.
The study also found that 71% of participants believed Tim to be a more usable image-based solution than others on the market. For Rizwan Asghar, co-author of the paper for the University of Surrey, “we spend a large part of our lives on our mobile phones and depend on them for activities such as banking, shopping and keeping in touch with our loved ones.
However, “it is surprising how little innovation and progress has been made to protect these activities and our most private information. We believe that image-based and interactive authentication processes like Tim represent a step in the right direction”.
Shoulder surfing is an attack in which someone records sensitive information, such as passwords or credit card numbers, entered by a victim on a computer or mobile device screen while looking over their shoulder or from a distance. Shoulder surfing attacks often they occur in crowded public places such as airports, cafes or public transport.
“The current text-based status quo offers trade-offs between usability and security,” Asghar continues. “While short-text-based passwords are easy to remember, they aren’t secure enough, leaving you vulnerable to password guessing or shoulder surfing attacks.”
Long text-based passwords are winners in terms of security but are incredibly difficult for users to remember.
“Promisingly, many of our participants found Tim usable and didn’t find the learning curve too steep. This suggests that the market may be ready for image-based alternatives for mobile security.”