Geographical passwords as a solution to the password problem
Posted on 17 February 2014.
The massive data breaches that happened in the last few years have proven beyond doubt that the text password authentication method has many flaws.

Security researchers and companies that are working on alternatives to this flawed system have thought of many different schemes: picture and graphics-based passwords, inkblot-based passwords, pass-thoughts, and so on. All these approaches are looking for a way for users to create passwords that are unique and easy for them to remember, but difficult for attackers to guess and/or break.

The latest of these attempts has been described by computer scientist Ziyad Al-Salloum of ZSS-Research in Ras Al Khaimah, UAE. He believes that "geographic" passwords are the solution to the problem.



This approach counts on the fact that users can more easily remember a favorite place than a complex password they chose themselves.

With this system, the user would choose a place on the map - the position of a tree he likes to rest under, a monument he likes to visit, a place where he experienced his first kiss, and so on - and draw a boundary around it.

"Selecting a geographical area can be done using different ways and shapes, a user – for example – can place a circle around his favorite mountain, or a polygon around his favorite set of trees, for an example," explains Al-Salloum.

"No matter how geographical areas are selected, the geographical information that can be driven from these areas (such as longitude, latitude, altitude, areas, perimeters, sides, angles, radius, or others) form the geographical password."

All this information is used to "calculate" the password, which then gets "salted" with a user-specific random string of characters, and all this together gets "hashed" in the end. In this way, different users will effectively never have the same password.
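
The calculate, salt and hash steps described above, sketched for a circular selection as an added example (not code from Al-Salloum's proposal or from this article). The grid snapping, the byte encoding and the choice of PBKDF2-HMAC-SHA256 as the hash are assumptions; the article names none of them.

```python
import hashlib
import hmac
import math
import os

GRID_DEG = 0.001      # assumed snap size for latitude/longitude, in degrees
GRID_M = 50           # assumed snap size for the circle radius, in metres
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def canonical_area(lat, lon, radius_m):
    """Snap a circular selection to grid cells and encode it as bytes.

    Without snapping, a user who clicks a few metres away from the
    enrolled point would produce a completely different hash.
    """
    if not (-90 <= lat <= 90 and -180 <= lon <= 180 and radius_m > 0):
        raise ValueError("selection is outside valid geographic ranges")
    lat_cell = math.floor(lat / GRID_DEG + 0.5)
    lon_cell = math.floor(lon / GRID_DEG + 0.5)
    rad_cell = max(1, math.floor(radius_m / GRID_M + 0.5))
    return f"circle|{lat_cell}|{lon_cell}|{rad_cell}".encode()


def _hash(area, salt):
    # Slow, salted hash so a stolen digest is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", area, salt, ITERATIONS)


def enroll(lat, lon, radius_m):
    """Return (salt, digest); only these two values are stored."""
    salt = os.urandom(16)  # user-specific random salt
    return salt, _hash(canonical_area(lat, lon, radius_m), salt)


def verify(lat, lon, radius_m, salt, digest):
    """Recompute the salted hash and compare in constant time."""
    candidate = _hash(canonical_area(lat, lon, radius_m), salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample selection: a circle of about 120 m around a point.
    salt, digest = enroll(25.7893, 55.9432, 120)
    print(verify(25.78941, 55.94318, 110, salt, digest))  # same grid cells
    print(verify(25.7950, 55.9432, 120, salt, digest))    # different place
```

A selection that falls near a cell boundary can snap to the neighbouring cell and fail verification, so the grid size trades usability against the number of distinct areas an attacker has to try.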

Passwords of this type have many advantages: they are easy to remember and hard to forget, diverse, and hard to predict. And, according to Al-Salloum, "proposing an effective replacement of conventional passwords could reduce 76% of data breaches, based on an analysis of more than 47000 reported security incidents."








