One-time picture passcodes strengthen logins

Confident ImageShield is a cloud-based, multifactor authentication service that creates one-time passcodes by prompting users to correctly identify pictures from a dynamic grid of images presented during the website login.

It strengthens website logins and is highly secure against keylogging malware, phishing and brute force attacks to help protect organizations and their customers from data breaches, online fraud and identity theft.

Authentication on public-facing websites remains one of the weakest links in Internet security. Most websites continue to rely on a simple username and password as the only means of authentication for logins and sensitive transactions. The problem is that most Internet users have too many passwords to remember, so they choose weak passwords that are easily compromised by hackers or they re-use the same password on multiple websites.

Industry research has shown that the most common password on the Web is “123456” and that the 5,000 most common passwords are shared by 20 percent of the online population. Researchers at Georgia Tech Research Institute recently indicated that to be secure, a password should be a string of 12 random characters including upper and lowercase letters, numbers and symbols. Unfortunately, people simply cannot remember so many complex passwords, so they revert to old habits that undermine website security and increase risk of fraud.

Confident Technologies solves the problem of poor password practices by adding a secure, one-time passcode to login credentials simply by asking users to identify images. When a user registers on a website for the first time, they choose a few categories of images that are easy to remember – such as dogs, cars and flowers. Each time the user logs in they are presented with a randomly-generated grid of images.

The user looks for the images that fit their chosen categories and enters the corresponding letters or numbers that appear in the images to form a one-time passcode. The specific images, their location on the grid and the corresponding alphanumeric characters are different every time. In this way, Confident ImageShield creates a unique passcode for each authentication, yet the user only needs to remember a few simple categories – dogs, cars and flowers, in this case.

The human brain is innately better at remembering categories and recognizing images than remembering long strings of random alphanumeric characters. Leveraging this fact, Confident ImageShield is able to increase website security while remaining simple for users. There is no software to download, no tokens to carry, and industry research has shown that people remember graphical passwords longer and are able to authenticate correctly more often with image-based authentication methods than with alphanumeric passwords or PINs.