PassBYOP is a graphical password system for public terminals that replaces static images with personalized physical tokens, such as digital pictures on a user’s mobile device. Users authenticate by showing these images to a system camera and selecting password elements on the live video. The system verifies passwords by extracting distinctive optical features from the selected regions. Studies showed that PassBYOP is reliable (requiring at least seven features and 40% geometric matching), usable (7.5-second completion times and 9% error rates), and secure (resisting observation attacks such as shoulder surfing and malware). Overall, PassBYOP provides strong security while maintaining usability comparable to existing graphical password systems.
Andrea Bianchi, Ian Oakley and Hyoungshick Kim. 2016. PassBYOP: Bring Your Own Picture for Securing Graphical Passwords. In IEEE Transactions on Human-Machine Systems, vol. 46, no. 3, pp. 380-389, June 2016. doi: 10.1109/THMS.2015.2487511