Pixie

As you know, Sms already for a long time are considered as an unreliable method of two-factor authentication. In 2016 the National Institute of standards and technologies of the USA (The National Institute of Standards and Technology, a NIST) submitted the document^[1]according to which, use of Sms for implementation of two-factor authentication in the future will not be encouraged. Specialists of a NIST in general called this practice "inadmissible" and "unsafe"^[2].

The most widespread alternative to Sms and voice calls are hardware tokens (like the known YubiKey). But specialists from Florida InterNational University, together with Bloomberg, submitted in the fall of 2017 (PDF) the alternative solution: Pixie system. Developers claim that Pixie is more reliable even than hardware solutions.

Pixie extremely simply works. The user needs to select somehow a subject which will become "key" for implementation of two-factor authentication. Then Pixie will ask to take several pictures of the selected object. After that, every time when the user needs to become authorized somewhere, it will have to take one more picture of a key subject which Pixie will compare to previous.

Developers explain that only the user knows that he is a key subject, so, to compromise process of two-factor authentication in this case impracticablly. Here it will not turn out to manage interception of Sms or operation of vulnerabilities in SS7 protocol. Besides the user can make "key" the photo absolutely of a subject, use a photo under a certain corner or the photo of some certain part of an object.

At this Pixie shows extremely low number of false positive operations. So, false positive operations came from 14.3 million attempts of brute force only in 0.09% of cases. One more undoubted plus – Pixie does not transfer user data to remote servers, all authentication processes happen directly on the device.

Notes