Two factor authentication could be performed by physical objects

Have you ever thought what it would be like to use a necklace or a bottle of soda as your secret password? Scientists at the Florida International University in cooperation with Bloomberg made a camera-based remote authentication solution to make it possible for you to do that on any mobile device.

It is called Pixie. To use it, you must choose a secret real object, for example, a notepad or pen, and take a photo of it using your mobile device, making reference photos. So, the next time you want to use two-factor identification, you must show this object you’ve selected to the camera. If your quality of picture is bad, you will be notified, but the camera will still recognize it. Don’t be afraid that another lighting or setting will influence the authentication process.

Similar to YubiKeys, Pixie makes it possible to use physical objects to authenticate your logins; however, the keys were aimed to be inserted in the USB, and you could use it to order something online starting from $18 to $500. Pixie says you need no additional hardware, only use the thing of your choice as the authentication factor. If this research project goes to the masses, you can approve your authentication using a bottle of water or a pack of gum you always carry in your pocket.

The research claims you can use Pixie on any device with a camera and older devices, smartwatches, and even Snapchat Spectacles. The research findings show it is easier for people to use a physical object, rather than remembering a complicated text password. However, Pixie would be slower and not so precise as facial recognition, because the physical objects of person’s choice are more diverse than the patterned shapes of human faces. Pixie project was tried on Android using different things like a tattoo, a watch, and a key charm.

Physical objects serving as an authentication factor also get more benefits compared to using human biometrics because Pixie users can change their preferred object all the time, while it is hard to change your fingerprints. You might be asking, what if somebody has seen the authentication object a person used. There were tests and only in 0.09% of 14.3 million tries is it possible pass the authentication. Even if the attacker knew the object, the rate of the attacker’s positive result remained low.

As for now, the scientists are only trying Pixie and do not plan to bring it to the market. It is a scientific project that aims to find out the role and use of physical objects as authentication factors. The study says, with the progress of cameras and graphic image analyzing technologies and with deep neural networks, Pixie can be enhanced and very convenient to use.