PICpad

Overview

PicPad is an authentication method in which the user must click on a number of images in the correct order to authenticate. The images and their order are unique to each user and should be kept secret, like a password.

No special settings are required in order to use PicPad: behind the scenes, the principle is the same as for PINpad, in that a security string is generated and the order of the images is set according to the sequence of the security string.

Configuration

The main difference between PicPad and PINpad is that PicPad uses images instead of digits. Users must therefore know their “PINs” as sequences of images, rather than as sequences of digits, and should be sent their credentials as images. To achieve this, you need to configure the alert messages to send credentials as images. Currently, this can only be done with email alerts: under Messaging -> SMTP, locate the setting “Show PIN as pictures” and set it to “Yes”.

Additionally, “PicPad image URL” needs to be set correctly. The default value, “%BASE_URL/proxy/images/picpad/%DIGIT%.png”, will be correct provided that the Base URL under Server -> Name is set to the public URL of the appliance front end (the URL that displays the user portal, for example). If this URL is not set, or is not public, you will need to use a public URL that can show these images. Contact Swivel Secure for advice.
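A pre-flight check for the Base URL requirement above, added here as an example and not Swivel Secure's code: it flags a Base URL that mail clients outside your network could not reach, and shows the image URLs an email would reference for a given PIN. How the appliance substitutes %BASE_URL and %DIGIT% is an assumption, and sentry.example.com is a placeholder host.

```python
import ipaddress
from urllib.parse import urlsplit

# Default "PicPad image URL" value, copied as shown in the documentation.
DEFAULT_TEMPLATE = "%BASE_URL/proxy/images/picpad/%DIGIT%.png"


def base_url_problems(base_url):
    """Return reasons why external mail clients could not load the images."""
    if not base_url:
        return ["Base URL is not set"]
    parts = urlsplit(base_url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return ["Base URL is not an absolute http(s) URL"]
    problems = []
    try:
        # IP literal: private, loopback and link-local ranges are not public.
        if not ipaddress.ip_address(host).is_global:
            problems.append(f"{host} is not a publicly routable address")
    except ValueError:
        # DNS name: localhost and single-label names only resolve internally.
        if host == "localhost" or "." not in host:
            problems.append(f"{host} is not a public DNS name")
    return problems


def pin_image_urls(pin, base_url, template=DEFAULT_TEMPLATE):
    """Expand the template once per PIN digit (assumed substitution rules)."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PINs may only contain the digits 0 to 9")
    prefix = base_url.rstrip("/")
    return [
        template.replace("%BASE_URL", prefix).replace("%DIGIT%", digit)
        for digit in pin
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for candidate in ("", "http://swivel", "https://10.0.0.5:8443",
                      "https://sentry.example.com"):
        print(repr(candidate), base_url_problems(candidate) or "looks public")
    print(pin_image_urls("4071", "https://sentry.example.com"))
```

A clean result only means the URL has a public form; confirm from outside the network that the images actually load.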

Pad images

[Image: PicPad image set (_images/PicPad_Images_02-12-2020.png)]

Another difference between PINpad and PicPad, as you will see from the above image, is that there are 20 images, rather than 10 digits. Since Sentry only supports PINs with the digits 0 to 9, PINs can only be set with the corresponding images, so only the first two rows of images can be used in PINs. Row 1 corresponds to the digits 1 to 5, and row 2 to the digits 6 to 9 and 0. The 3rd and 4th rows are “dummy” images which cannot be used in PINs.

The use of 20 images is just a convention: if you prefer that your users do not see images that cannot be part of a PIN, you can restrict the images to just the first 10.

In the future, it is anticipated that different image sets will be available. It is also hoped that the full set of 20 images will be useable in PINs.

Implementation

Implementation of PicPad within a web page is application-specific: if you have a requirement to use PicPad within a particular login web page, please contact Swivel Secure for advice.