Sunday, November 6, 2011

Now, developed picture password to online account

Here’s some good news — researchers claim to have developed picture password for your online account, which will also help protect against hacking. Find it difficult to remember your password?

An international team says that it’s actually a new kind of login which relies on the fallibility of human memory to prevent phishing attempts at stealing one’s account details, the New Scientist reported.

The researchers at Stony Brook University in New York have, in fact, come up with a system, called PhorceField, that makes it almost impossible to login without viewing the correct images.

PhorceField asks users to create a graphical password by choosing four images in a particular order from a set of twelve.

PhorceField asks users to create a graphical password by choosing four images in a particular order from a set of twelve — you might choose pictures of a loaf of bread, a candle flame, and two more, for example.

These images are stored in a secret file on computer that only the legitimate website can access. When one logins, one simply remembers which images to click on among a set of others that aren’t part of one’s password.

A phisher who wants to trick you into giving up your PhorceField password knows nothing about the secret images, and so must present one with a huge number of possibilities in the hope of getting the right set of pictures.

This means that one will struggle to identify the correct ones — one might remember that the password includes a loaf of bread, but was it round or oblong?

A close shot, or taken at a distance? Eventually, after a number of failed logins, you will just give up and leave the phishing site without ever having revealed your password, say the researchers.

The researchers tested PhorceField on 23 users and found that 76 percent failed to reveal even a single image from their password during a phishing attempt, and none revealed the entire password — for once, being forgetful pays off.

They will present their work at the Annual Computer Security Applications conference in Orlando, Florida, next month.

No comments:

Post a Comment