Securing something can be a difficult process. It should be because it's for the obvious.
But for authorized people, it should be convenient. There should be a balance between security and user experience.
Many websites and online services are enforcing or at least offering two-factor Authentication (2FA) as a way to enhance security. This method utilizes a second method of verification to check someone's identity. Often, this is through an email address or mobile device, whereas a secondary dynamic access code is sent to complete authentication.
While using a good password is a must, but it's not ideal due to being susceptible to brute-force hacking or social engineering.
And not to mention massive data leaks and the lost of mobile devices that happen from time to time.
So there should be more ways to secure things. When technology advances permit biometric verification, things got to a new level. But there is still other ways.
This include using a picture as a token for 2FA verification .
Snapping a photo is an easy thing to do. With almost if not all mobile devices are shipped with built-in cameras, everyone is capable of taking a good picture. This is where researchers from Florida International University and Bloomberg have come up with a novel method for security.
According to the researchers, household items and accessories can be ways to authenticate yourself online. It could become a worthwhile alternative to codes and secondary passwords.
Pixie is a research project which explores how 2FA can be implemented through cameras without the need for additional hardware.
First described last month in the Proceedings of the ACM on Interactive, Mobile, Wearable, and Ubiquitous Technologies, Pixie uses a camera and a "physical token." This token can be a jewelry, an accessory, clothing, or a household item, logos, tattoos, in which it calls a "trinket."
In a research paper explaining the project, the researchers said that trust is established through the trinket, which is known to be owned by the individual asking for authentication.
When a photo of the item is taken, a machine learning system called a "supervised learning classifier" is then used to distinguish the "physical token" no matter the angle of the photo, as well as to determine any small differences which may suggest the item is fake or unacceptable.
The team taught the AI with 40,000 images of household items from public datasets to conduct millions of brute-force authentication attempts. As a result, the system achieved a false acceptance rate of below 0.09 percent.
In a public test with 42 participants, over the span of eight days, Pixie "outperformed text-based passwords on memorability, speed, and user preference," according to the researchers. During tests, shoes, wearable accessories, clothing, and even a ornament were all used as trinkets.
Each trinket is meant to be kept secret. And because the authentication process happens locally inside the device, it would be secured from network-based attacks.