Inspiration
We were inspired by the Charles Schwab security prompt, and together came up with a passwordless system we felt was original. We went with this system over something like facial recognition because we felt it is faster and more secure in some ways. The speed and simplicity of the process makes it very user friendly. This system is discrete in every way, and does not have the camera limitations of a facial recognition or other system that actively takes images.
What it does
The app is a login system prototype, that uses images instead of passwords as the primary login system. The system requires entry of a photo from the user's photo gallery, then on subsequent launches requires the same photo to be extant at the same location in the phone, or for this same photo to be selected manually be the user. This "password" image is encrypted and saved within the app data, and is decrypted for comparison on login. The purpose of this system is something that is quick and automatic when used on the same device, but in order to access this data remotely, the exact same image would be required, effectively functioning as an incredibly long and complex password.
How we built it
The app was developed using unity for android, and coded in C#. Art assets were created primarily in Photoshop. Encryption was done using Rjindael encryption within C#, with all password, pass-images and secure data being encrypted.
Challenges we ran into
We had difficulty in the early hacakthon due to having no clear project idea, eating up a significant portion of important development time. This also led into features being cut towards the end of the event. Differences in development skill also hampered development speed.
Accomplishments that we're proud of
We are proud of creating a functional, visually polished app, that accomplishes most of the objectives we set out to accomplish.
What we learned
Our knowledge of app development using unity was expanded significantly. We how to use the encryption systems implemented at this Hackathon, so this was new to us.
What's next for PhotoPass
If we are to continue building upon this system, the login would be changed to work using an online server system for accounts, such that the same account can be accessed using multiple devices. Additional encryption would be done at points to prevent an attacker from harvesting decryption data from the app's source. A two factor authentication system would be implemented for forgot/backup password, so an email would be sent to verify the legitimacy of the login, and the apps main photo security system could not be bypassed with a more simple text password. A further security step would be automatically logging out if sudden changes of location are found. This feature was coded, but not integrated or tested due to time constraints. If developed as a full project, we would likely switch to another app development system, as unity is tailored more to games, but for the process of rapid prototyping, unity was optimal for our group. The login system would have to be implemented into another app, as currently the system is self contained, protecting no data but itself. The option to take an image to later use as pass was considered, but not implemented. This feature would likely be implemented in the future.
Note: Development was done using unity's own version control, so was uploaded to GitHub purely for presentation/assessment
Log in or sign up for Devpost to join the conversation.