"Protecting Picture Passwords"

Researchers from the University of Tsukuba, Japan, propose an alternative to text passwords: an enhanced graphical authentication method. They developed the "Estimating Your Encodable Distorted images" (EYEDi) system for online graphical authentication, which uses key images whose level of distortion can be adjusted to prevent over-the-shoulder and screen-capture snooping, thus improving the security of websites. Randomly distorting key images differently each time makes the system more secure against password crackers, even if they can see the user's screen. Text-based passwords are still the most common way to authenticate a user on the Internet, but they pose a major vulnerability because people often choose simple, easily crackable passwords. The researchers' proposed solution instead uses a set of pictures called key images. To log in, a user must choose their secret key images from a lineup of pictures. Although this method is easy to remember and is relatively secure, it is still susceptible to over-the-shoulder attacks in which someone else watches the screen. Therefore, a new system is needed to make this graphical authentication more resistant to these vulnerabilities. The EYEDi system generates distorted versions of key images during each login by applying several image processing filters. Even if a hacker installs a screen-capture program on a user's computer, they would still be unable to discern the original key images. The team noted that previously proposed image distortion methods were incapable of preventing camera recording or screen-capture attacks because the key images are the same each time. This article continues to discuss the EYEDi system developed by researchers at the University of Tsukuba to protect picture passwords and improve Internet security.

University of Tsukuba reports "Protecting Picture Passwords"

 
