SCIS Ph.D. student Mozhgan Azimpourkivi co-advised by Dr. Umut Tokara, Bloomberg LP and SCIS Associate Professor, Dr.Bogdan Carbunar have created a custom two-factor authentication (2FA) system called Pixie that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys or entering verification codes received via SMS or voice call.
Using physical objects as authenticators also has a slight advantage over using human biometrics, since users can easily change their chosen objects, but would have a harder time changing their physical features. And on the off chance, someone is spying over your shoulder for what object you’re using? The experts tested how secure Pixie was against a brute force attack with 14.3 million authentication attempts, and found that in 0.09 percent of all instances, Pixie would unlock for an attacker. Even if the attacker knew what object to use, the rate of success remained low.
~ The Verge
Pixie isn’t officially available yet, but the research team fully intend to release it as an app. Until then, an Android app is available for testing on Github. Also, read the research paper “Camera Based Two Factor Authentication Through Mobile and Wearable Devices“.
You can read more articles on this topic below:
The Register, https://www.theregister.co.uk/2017/10/25/pixie_2fa_project/
Cyberscoop, https://www.cyberscoop.com/pixie-android-app-two-factor-authentication/
Bleeping Computer, https://www.bleepingcomputer.com/news/security/researchers-devise-2fa-system-that-relies-on-taking-photos-of-ordinary-objects/
ZDNet, https://www.zdnet.com/article/how-to-turn-your-watch-shoes-or-junk-into-a-password/
SD Times, https://sdtimes.com/researchers-add-physical-objects-two-factor-authentication/
PC Magazine,
Security Intelligence, https://securityintelligence.com/news/photo-based-pixie-2fa-system-takes-authentication-to-a-new-dimension/