Scientists have created a new two-factor authentication (2FA) system that requires users to take a photo of a personal object.
Bleeping Computer reported that the system – called Pixie – aims to replace “cumbersome” crypto-based hardware security keys and verification codes received via SMS.
Users select an object as their 2FA key and take a photo of it as part of the setup process.
“Every time users try to log into their account, they re-take a photo of the same object and an app installed on their phone compares the two photos,” stated the report.
Users can strengthen the authentication process by taking the initial photo at a certain angle, or only snapping a part of the object.
Tests showed that Pixie had a false-accept rate of 0.09% when a brute force attack of 14.3 million authentication attempts was conducted.
The Pixie system also removes remote servers from the authentication process, as the image recognition is handled locally via the Pixie app.
The app is still in the testing phase.