Sorry for the late reply. This system isn't designed to be used on a terminal over the net. From the original paper:
The proposed system is designed to be used as a local password mechanism requiring physical presence. That is, we consider authentication at the entrance to a secure location where a guard can ensure that a real person is taking the test without the aid of any electronics.
And . . .
We note that physical presence is necessary in authentication systems designed to resist coercion attacks. If the system supported remote authentication then an attacker could coerce a trained user to authenticate to a remote server and then hijack the session.
If you're allowed remote attempts and multiple failures, the system is insecure in several ways. It's designed to work in a scenario where you get ONE attempt, and there's an armed guard who doesn't take kindly to it if you fail.
If the attacker has long-term control (e.g. hostage, blackmail, etc.) this is useless.
If the attacker does not, you'll simply ask for help as soon as you're there.
If the attacker wants to impersonate you, a photo check will work as well and is much faster.
The authors and the news coverage claim this offers some sort of rubber-hose defense, but the only scenarios described are either contrived or duplicate more proven techniques (e.g. duress codes, biometrics).