I was recently challenged with this question — “Selection of several images on a matrix of 36 images, for instance, would only give the level of mathematical strength that a long PIN provides. Is it any better than using long PINs?”
Our answer is “We could consider the threats of ‘visual-manual attacks on display’ and ‘automated attacks’ separately, say, we should be able to think of the measures to cope with them separately.
A figure of ’20-bit’, for instance, would be just a bad joke against automated attacks, whereas it would make a pretty tall wall against visual-manual attacks on display, particularly when the positions of images are shuffled on each trial.
Try the image-to-code conversion at our new website and you will see what kind of mathematical strength your image memory can generate/regenerate against automated attacks — https://www.mnemonicidentitysolutions.com/
Many more questions are answered in “Questions and Answers — Expanded Password System and Related Issues”
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
< Videos on YouTube>