Researchers Devise 2FA System That Relies On Taking Photos of Ordinary Objects
An anonymous reader quotes Bleeping Computer: Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys (e.g., YubiKey devices) or entering verification codes received via SMS or voice call. The new system is named Pixie, and researchers argue it is more secure than the aforementioned solutions. Pixie works by requiring users to choose an object as their 2FA key. When they set up the Pixie 2FA protection, they take an initial photo of the object that will be used for reference. Every time users try to log into their account again, they re-take a photo of the same object, and an app installed on their phone compares the two photos… In automated tests, Pixie achieved a false accept rate below 0.09% in a brute force attack with 14.3 million authentication attempts. An Android app is available for testing here.
Read more of this story at Slashdot.