Geographical passwords as a solution to the password problem
Posted on 17 February 2014.
The massive data breaches that happened in the last few years have proven beyond doubt that the text password authentication method has many flaws.

Security researchers and companies that are working on alternatives to this flawed system have thought of many different schemes: picture and graphics-based passwords, inkblot-based passwords, pass-thoughts, and so on. All these approaches are looking for a method for users to create passwords that will be unique and easy to remember for the user, but difficult to guess and/or break for attackers.

The latest of these attempts has been described by computer scientist Ziyad Al-Salloum of ZSS-Research in Ras Al Khaimah, UAE. He believes that "geographic" passwords are the solution to the problem.



This approach counts on the fact that users can more easily remember a favorite place than a complex password they chose themselves.

With this system, the user would choose a place on the map - the position of a tree he likes to rest under, a monument he likes to visit, a place where he experienced his first kiss, and so on - and draw a boundary around it.

"Selecting a geographical area can be done using different ways and shapes, a user for example can place a circle around his favorite mountain, or a polygon around his favorite set of trees, for an example," explains Al-Salloum.

"No matter how geographical areas are selected, the geographical information that can be driven from these areas (such as longitude, latitude, altitude, areas, perimeters, sides, angles, radius, or others) form the geographical password."

All this information is used to "calculate" the password, which then gets "salted" with a user-specific random string of characters, and all this together gets "hashed" in the end. In this way, different users will effectively never have the same password.
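
The calculate, salt and hash steps described above, sketched as an added example; this is not Al-Salloum's scheme or code. The grid snapping, the vertex serialization, the use of PBKDF2-HMAC-SHA256 as the hash and all function names are assumptions made for illustration, and the coordinates are constructed.

```python
import hashlib
import hmac
import os

GRID_DEG = 0.0001      # assumed tolerance: snap clicks to cells of about 11 m
ITERATIONS = 200_000   # assumed PBKDF2 work factor


def canonical_area(vertices, grid=GRID_DEG):
    """Turn a drawn polygon [(lat, lon), ...] into a stable byte string.

    Snapping each vertex to a grid cell lets a slightly different click
    reproduce the same value. A vertex that sits near a cell edge can
    still flip cells, so a real scheme needs a more careful tolerance rule.
    """
    if len(vertices) < 3:
        raise ValueError("a polygon needs at least three vertices")
    cells = []
    for lat, lon in vertices:
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            raise ValueError("coordinate out of range")
        cells.append("%d,%d" % (round(lat / grid), round(lon / grid)))
    return ";".join(cells).encode("ascii")


def _stretch(vertices, salt):
    # Salted, iterated hash of the canonical area (PBKDF2 is an assumption).
    return hashlib.pbkdf2_hmac("sha256", canonical_area(vertices), salt, ITERATIONS)


def enroll(vertices):
    """Return (salt, digest) to store; the map selection itself is not kept."""
    salt = os.urandom(16)  # user-specific random salt
    return salt, _stretch(vertices, salt)


def verify(vertices, salt, stored):
    """Recompute from the login selection and compare in constant time."""
    return hmac.compare_digest(_stretch(vertices, salt), stored)


# Constructed sample selections (not from the article).
AREA = [(25.78951, 55.94322), (25.78984, 55.94371), (25.78917, 55.94398)]
RECLICK = [(25.78953, 55.94324), (25.78982, 55.94369), (25.78919, 55.94401)]
ELSEWHERE = [(25.79051, 55.94322), (25.78984, 55.94371), (25.78917, 55.94398)]

if __name__ == "__main__":
    salt, stored = enroll(AREA)
    print(verify(RECLICK, salt, stored), verify(ELSEWHERE, salt, stored))
```

Because each enrollment draws a fresh salt, two users who select the same area still end up with different stored digests.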

Passwords of this type have many advantages: they are easy to remember and hard to forget, diverse, and hard to predict. And, according to Al-Salloum, "proposing an effective replacement of conventional passwords could reduce 76% of data breaches, based on an analysis of more than 47000 reported security incidents."









COPYRIGHT 1998-2014 BY HELP NET SECURITY.