Researchers Devise 2FA System That Relies On Taking Photos of Ordinary Objects (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Researchers Devise 2FA System That Relies On Taking Photos of Ordinary Objects (bleepingcomputer.com)

Posted by EditorDavid on Sunday October 29, 2017 @11:34AM from the confirmation-Kodak dept.

An anonymous reader quotes Bleeping Computer: Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys (e.g., YubiKey devices) or entering verification codes received via SMS or voice call. The new system is named Pixie, and researchers argue it is more secure than the aforementioned solutions.

Pixie works by requiring users to choose an object as their 2FA key. When they set up the Pixie 2FA protection, they take an initial photo of the object that will be used for reference. Every time users try to log into their account again, they re-take a photo of the same object, and an app installed on their phone compares the two photos... In automated tests, Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts. An Android app is available for testing here.

8 of 138 comments (clear)

Min score:

Reason:

Sort:

cumbersome process of using crypto-based hardware by ChoGGi · 2017-10-29 11:38 · Score: 4, Interesting

I go on the website I like and press a button on my yubikey, that seems easier then whipping out my phone and taking a picture every time...
Probably why I setup my yubikey to also take care of my Steam login (instead of whipping out my phone).
Parts of the body? by cervesaebraciator · 2017-10-29 11:44 · Score: 4, Funny

the system doesn't restrict users and they can choose anything they want as their login trinket, from their watch to parts of their body

Well, now we know what every guy will use.
1. Re:Parts of the body? by Tablizer · 2017-10-29 11:57 · Score: 4, Funny
  
  Siri: "Sorry, that object is too small to use for identification purposes."
  
  --
  Table-ized A.I.
Re:cumbersome process of using crypto-based hardwa by 93+Escort+Wagon · 2017-10-29 11:45 · Score: 4, Insightful

Not to mention that, whatever the object is, you’ve got to have it with you at all times - so pick carefully!

--
#DeleteChrome
Re:cumbersome process of using crypto-based hardwa by rmdingler · 2017-10-29 11:48 · Score: 5, Funny

Not to mention that, whatever the object is, you’ve got to have it with you at all times - so pick carefully!
Right, perhaps a picture of your face or fingerprint, for example.

--
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Re:cumbersome process of using crypto-based hardwa by 93+Escort+Wagon · 2017-10-29 11:57 · Score: 4, Funny

Wish I’d thought of that - I used my pet Boa Constrictor.

--
#DeleteChrome
someone must have shit this out while drunk by gravewax · 2017-10-29 11:59 · Score: 4, Insightful

This sounds like a completely brain dead idea. seriously how many objects around that people have with them everyday that you can guarantee are unique? not to mention the action of taking the photo basically reveals your 2FA to anyone in the vicinity.
Re:cumbersome process of using crypto-based hardwa by JonnyCalcutta · 2017-10-29 21:09 · Score: 5, Funny

Yeh, me too. Now I've been arrested for indecent exposure.