Make Mine a Quadruple: Strengthening the Security of Graphical One-Time PIN Authentication
Secure and reliable authentication is an essential prerequisite for many online systems, yet achieving it in a way that is acceptable to customers remains a challenge. GrIDsure, a one-time PIN scheme using random grids and personal patterns, has been proposed as a way to overcome some of these challenges. The authors present an analytical study which demonstrates that GrIDsure in its current form is vulnerable to interception. To strengthen the scheme, they propose fortifying GrIDsure against Man-in-the-Middle attacks with an additional secret transmitted out-of-band and with multiple patterns. Since the need to recall multiple patterns increases user workload, they evaluated user performance with multiple captures, with 26 participants each making 15 authentication attempts over a 3-week period.