About Image-Based Authentication
Multifactor Authentication and One-Time Passwords
Traditional authentication approaches, such as passwords, create an inherent trade-off between security and usability. The stronger the password, the more difficult it is to remember. Most people have more than 25 online accounts for which they need to maintain secure access, including online banking, bill payment, brokerage, healthcare and insurance, shopping, social networking and more. The weakest link in security is the human component. Most people don’t follow security best practices. We write down our passwords on pieces of paper, we don’t change our passwords on a regular basis, we use the same password on multiple sites, or we make our passwords easy to remember and thus susceptible to compromise.
Advantages of Visual Recognition
Confident Technologies is committed to developing intuitive and secure authentication to protect businesses and their customers. Our image-based authentication technology is based upon on the advantages of visual memory and recognition.
The human brain remembers categories and recognizes images more easily than it remembers strings of numbers and letters (such as passwords and PINs). Leveraging this fact, Confident Technologies makes strong authentication easy on people through the use of visual recognition and guided recall.
When a person initially selects their secret image categories, they will often select categories of things that they have an affinity for, or a special memory tied to, or some other type of personal connection with. This makes the categories easier to remember than complex strings of alphanumeric characters.
When authentication is needed and the person is presented with the Confident ImageShield, seeing the pictures displayed on the ImageShield helps trigger their memory of which categories they initially selected. This is called guided recall. It is much easier than, for example, being presented with a blank password field and trying to recall a password out of thin air without any hints.
Academic Research on Image-Based Authentication
Numerous academic studies have shown that people have a much easier time authenticating with images than with passwords and PINS, and that people can remember their image “passwords” longer.
- This study published in the International Journal of Computer Science and Information Security concluded that people remember images better than text passwords, and that images are more secure against brute force attacks, dictionary attacks and keyloggers.
- Another study on an image-based authentication approach demonstrated that 100% of participants were able to remember and correctly authenticate with image-based passwords after 16 weeks, whereas only 40% were able to remember and correctly authenticate with text passwords after 16 weeks.
- A study at University of California, Berkeley showed that 90% of participants succeeded in authentication tests using graphics, while only 70% succeeded using passwords and PINs. The study concluded that memory decay is greater with text passwords.
One-Time Passwords Increase Security
Our image-based authentication technology is unique because it creates a one-time password or authentication code each time. This is extremely important in today’s online environment where computers, smartphones and tablet devices are often infected with keystroke-logging malware (keyloggers), spyware, and Zeus malware that is specifically designed to steal login credentials and authentication codes sent as text messages. Static passwords and PINs provide little security because once they are captured, they can be used over and over again by fraudsters to access accounts. The use of one-time passwords also prevents the domino effect that occurs when a person’s password is leaked from one website and then fraudsters use it to access that person’s accounts on other sites where they used the same password.
By creating one-time passwords and PINs, our image-based authentication provides much stronger security than most authentication approaches. For example, when added to the login as a second layer of authentication (in addition to the traditional username and password), Confident ImageShield can strengthen the security of a login to 99.999%.
Patents and Continuous Innovation
Confident Technologies has a strong patent portfolio with 15 patent filings including US Patent No. 8,117,458 Methods and Systems for Graphical Authentication, and a number of other patent filings related to image-based authentication, image-based password management, and the use of authentication images for advertising.
We continue to stay on the cutting edge of authentication and verification by maintaining our leadership in the fields of cognitive science, computer vision, image obfuscation, human factors and usability. By applying the understandings of these disciplines to product development, Confident Technologies continues to innovate and create intuitive and secure authentication solutions that are easy for our clients and their customers.