Geographical passwords could be future of online security

A Ras Al Khaimah-based researcher has developed a method of creating “geographical passwords” that use a grid reference for a memorable location to create the password.

From online shopping to internet banking, from social media profiles to email, most of us have internet accounts that require us to log in with a password no one else should know.

Although we ought to choose sequences of letters and numbers that would be almost impossible to guess, many passwords are based on familiar words or phrases.

They might be as obvious as the name of a relative, a pet or a favourite celebrity, perhaps with a few numbers, such as our date of birth, thrown in for good measure.

As reported in The National earlier this year, Dr Ziyad Al Salloum, who runs ZSS Research in Ras Al Khaimah, has developed a method of creating “geographical passwords” that use a grid reference for a memorable location to create the password.

The location could be for anything from a famous place, such as the Taj Mahal, to a tree in your garden.

Dr Al Salloum says users can install an extension on their browser that allows a map to be opened, the geographical location selected and the geographical password generated and pasted into the password field. To make it more difficult to crack, the password undergoes processing after the grid reference is chosen.

His company offers the software download for the technology and it has recently gained a British patent.

“Users only need to remember their selected favourite geographical locations to be able to log in to a conventional password-based system,” he said.

But how well would the system work in reality? According to Dr Joseph Bonneau, a fellow at Princeton University’s centre for information technology policy, it is hard to forecast how predictable people’s choices of location would be, until many people had been asked to do it.

“It’s also hard to estimate memorability precisely in lab experiments. Those are the two tough tests. A lot of systems appear to be memorable and hard to guess in the lab but, when deployed in practice for a large population, they aren’t quite as good,” he said.

Location-based systems in general also pose challenges to users because they may have to remember large numbers of different places for their various online accounts, according to Dr Jane Sinclair, a computer security researcher at Warwick University in Britain.

Large volumes of testing could determine how predictable the method is, and would indicate how easy it is to zoom in on locations, especially multiple locations using mobile phones, said Dr Eerke Boiten, a senior lecturer in the school of computing at the University of Kent.

“Geographical passwords are certainly an interesting idea that is worth trying out in practice,” he said.

So in the future, more of us may be using our favourite locations to keep our online accounts secure.

Published: December 20, 2014 04:00 AM


Editor's Picks
Sign up to:

* Please select one

Most Read