Two-factor authentication (2FA) is one of the easiest ways to add extra security to your online accounts. It typically requires a code be sent to a device such as a smartphone either via text message or voice, with that code then acting as the trigger to unlock your account. However, 2FA isn't completely secure, especially when it requires an SMS message be sent.
As Bleeping Computer reports, a team of researchers at Florida International University believe they have come up with a better way to do 2FA. Rather than requiring a message be sent that could be intercepted, it instead requires a picture be taken of a personal object.
The new 2FA system is called Pixie. Using an app, it requires a picture be taken of a personal object you will always have readily available. For example, a watch, credit card, shoe, or glasses would work. The user selects the object, where the focus of the image should be, and the angle the image is taken at. This image then forms a reference for Pixie.
Every time you want to access your accounts, Pixie requires you take a new picture of the object. If they match within set limits, access is granted.
Real Life. Real News. Real Voices
Help us tell more of the stories that matterBecome a founding member
The research team believes Pixie offers much better 2FA security. An attacker would not only need to know what personal object you have chosen to use, but also how the reference image was captured. Even then, they need access to the object.
False acceptance rates using automated testing are below 0.09 percent and brute force attacks only results in nine errors per 10,000 login attempts. Real-world testing by 42 people demonstrated that Pixie is faster than text-based 2FA as well as being much more memorable. That makes sense as a personal object is much easier to remember than a password, and snapping an image with your smartphone is very quick.
Pixie isn't officially available yet, but the research team fully intend to release it as an app. Until then, a work-in-progress version is available on GitHub. You can also read the research paper (PDF) entitled Camera Based Two Factor Authentication Through Mobile and Wearable Devices.
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe