SCIS Ph.D. student Mozhgan Azimpourkivi co-advised by Dr. Umut Tokara, Bloomberg LP and SCIS Associate Professor, Dr.Bogdan Carbunar have created a custom two-factor authentication (2FA) system called Pixie that relies on users taking a photo of a personal object. The act of taking the photo comes to replace the cumbersome process of using crypto-based hardware security keys or entering verification codes received via SMS or voice call.
Using physical objects as authenticators also has a slight advantage over using human biometrics, since users can easily change their chosen objects, but would have a harder time changing their physical features. And on the off chance, someone is spying over your shoulder for what object you’re using? The experts tested how secure Pixie was against a brute force attack with 14.3 million authentication attempts, and found that in 0.09 percent of all instances, Pixie would unlock for an attacker. Even if the attacker knew what object to use, the rate of success remained low. ~ The Verge