The recent release of the peer-reviewed research paper GeoGraphical Passwords* by Ziyad S. Al-Salloum got us all excited. New ideas in authorization and security models are what gets us jumping out of bed every morning. And this one had the implied promise of pictures!
The author defines the problem he will address by competently listing some of the problems we humans have with conventional passwords. We tend to:
– use passwords that are vulnerable to dictionary attacks
– use passwords that are short enough to be vulnerable to brute-force attacks
– re-use passwords for multiple accounts
– use obvious information (e.g. birthdays or addresses) that make our passwords easy to guess
– avoid changing passwords on a recommended time schedule
– use passwords that are similar to the one we just changed
and it’s just plain hard remembering passwords, anyway.
In short, we are a lazy species. (Idea for new research: do dolphins take as many shortcuts with their passwords as we humans do.)
To help us overcome our shortcomings in this regard, Mr Al-Salloum proposes a system that will take advantage of ‘the remarkable human ability to remember places’. We assumed that this would be a new system based on graphical passwords – yes, we were looking forward to the pictures.
Mr Al-Salloum, however, will have us know that he does not consider his proposed system to
‘fall under the two knowledge-based categories (conventional or graphical passwords) as neither it uses memorable alphanumeric characters nor it requires graphics, instead it uses Geographical information.’
After reading the Research Paper, readers will be forgiven for thinking his downplaying the relationship with graphical passwords is more or less a question of semantics. While identification of a picture is not the actual means of authorization, a visual representation of a location – as selected on a map – is necessary as the first step of the GeoGraphical Password (GeoGP) process.
Mr Al-Salloum’s system extracts geographical data from the location in the form of 2 longitudinal coordinates. These coordinates are then run through a mathematical algorithm together with various rectangular geographical areas and voilà out comes your password.
As an example, we are shown the result of selecting a location in Mexico City. We agree that the result is one heck of a password! Judge for yourself (figure 2).
To make the system even stronger the model includes several layers of earth maps that have various levels of ‘zoom’, with each location being represented by a different sized area on the map. Thus, selecting a location like a corner on the Champs-Élysée in Paris at zoom level 1 will have a different result than selecting the same location at zoom level 6, and will therefore result in a different password.
The author defines entropy as ‘an estimate of the average amount of work required to guess the GeoGP.’ In order to increase the entropy of his GeoGPs, a hash code ‘using a memorable string of characters (i.e. word or a phrase)’ would be used. The result of what can be considered a form of 2-factor authentication (picture + hash phrase) can be seen in figure 3, which includes a location in Egypt.
It is reasonable to infer that a tool will be necessary to do the necessary calculations each time we’d like to log in to a favorite site.
Granted that Mr Al-Salloum’s passwords are very strong, but let’s see how they measure up against his goals.
Are GeoGraphical Passwords
– vulnerable to dictionary attacks? No.
– vulnerable to brute-force attacks? No.
– liable to be re-used on multiple accounts? Knowing our friends (shockingly lazy), we think this would be the case.
– going to use obvious information? At a high level (Paris) – maybe, but not at the operational level (specific street corner).
– going to help users change their passwords in a timely fashion? Not likely. In fact, we think GeoGP will likely lead to people not changing their passwords at all. Not only will the passwords be very strong, but frequently changing the location of your passwords will quickly lead to a jumble of geographic sites for a user.
– likely to be changed to something similar? Yes, but this won’t be an issue. If the NW corner of a street is secure, then the SE corner is likely to be OK.
This all goes a long way to meeting the goal the author set for himself.
We readily agree that locations have a memorable quality about them that an alphanumeric string like tU673%y$#~0 does not. However, it is one thing to remember Paris as being the key to a certain password, and entirely another to remember exactly which geographical spot you selected as the location of the café you visited on your honeymoon. The finer the selection grid, the harder it will be to remember the exact spot of your ‘password’. Not a problem when you create the password, but what about when you return after 3 months of not accessing the account to find that you aren’t sure which spot you initially selected? (Was it in the middle of the block, or closer to the corner of the street?)
GeoGraphical Passwords surely are complicated and strong, but it also seems complicated to get one each time. And that is one of the issues that people certainly have with passwords: we all want our passwords quick and easy. (Not being lazy, dolphins are all about the vocal variation in their passwords.)
In the end, we suspect that users will run up against some of the same problems they have today with conventional passwords. As we start to collect more of these GeoGPs, we expect that we’ll be hearing more of this:
‘Honey, are we using Acapulco or Gran Canaria for the Amazon account?’
Of course, GeoGraphical Passwords are still just a concept but we’ll keep our eyes open for any products using GeoGP.
Bonne chance GeoGP!
Other takes on GeoGraphical passwords: