Visual-password-based recovery enhancement for passkey ecosystems, a human-memorable but high-entropy recovery factor. #42
aniketpersonal321-bit
started this conversation in
Show and tell
Replies: 0 comments
Hello,
I have been researching security gaps in passkey recovery workflows, particularly involving compromised cloud-sync accounts, SIM swaps, stolen devices, recovery email compromise, and malware on trusted devices.
To explore this problem space, I designed a visual-password-based recovery mechanism intended to work alongside passkeys, email OTP, and SMS OTP to strengthen recovery assurance and reduce fallback recovery risks.
The system is designed to provide a human-memorable but high-entropy recovery factor, where entropy can potentially be increased beyond 256 bits depending on configuration and implementation.
I have published related research in the Indian Journal of Computer Science and Technology:
https://www.doi.org/10.59256/indjcst.20260501025
You can see a video here: https://www.youtube.com/watch?v=hCIkA9owQRc
A working demonstration can be accessed here:
https://virtualwalll.com/locker_key/
Demo Username:
Callme8767061161
The name and phone number (10 digits) can be yours or anything random.
The password is Onion, Potato, Apple and Tomato.
Secret Margin is 5 and Positions are A & D.
Please refer to the attachment for more details.
The goal is not to replace WebAuthn/passkeys, but to improve account takeover resistance and recovery resilience.
I would greatly appreciate feedback regarding:
Thank you for your time and feedback.
Regards,
Aniket Deshpande
Explaination of Visual Keys with images regular.pdf