[nabs-l] Would you sign into Facebook with a map?

Mon Feb 24 18:15:23 UTC 2014

Just when you thought a CAPCHA was bad enough.

http://www.psmag.com/navigation/nature-and-technology/sign-facebook-map-75186/

Would You Sign Into Facebook With a Map?
BY PAUL BISCEGLIO • February 21, 2014 • 12:02 PM
(Photo: jacob earl/Flickr)
Share on facebookShare on twitterShare on google_plusone_shareShare on
emailShare on printMore Sharing Services
Geography-based passwords may be the future of online security.
•
Last month, it was announced that the most common password used online
in 2013 was “123456.” Next was “password,” then “12345678.” For users
not guilty of employing one of these supremely crackable codes, it’s
still not hard to see where those who do are coming from. From email
to social media to online banking, unlocking our digital lives
involves so many different keys that it can become a tedious task to
find the right one. Sacrificing a bit of security just makes things a
little more convenient.
Now, a cyber security researcher named Ziyad S. Al-Salloum believes he
has a way of making online passwords easier to remember and harder to
crack: He calls it the “GeoGraphical” password.
It’s easier to associate websites with cities we’ve been to on
vacations than with the increasingly complex strings of characters
required today for secure access codes.
Basically, the method employs geographical data as opposed to
alphanumeric characters as the building blocks of online access codes.
Imagine that when you type your username into Facebook, there is no
longer a simple box to the right in which you enter M!leyCyrus4LYFE93.
Instead, a searchable, zoom-capable world map, à la Google Maps,
appears on the screen. On this plane, you’re free to create your
password by drawing any shape around any landmark you want: You could
drop pinpoints to create a square around Missouri, or zoom in and
circle the swimming pool in your old neighbor’s backyard. Only that
specific configuration would allow you to log in.
In a recent study on the effectiveness of this technology, Al-Solloum
contends that geography-based passwords are ideal because humans have
a much harder time recalling numbers and letters than places. It’s
easier to associate websites with cities we’ve been to on vacations
than with the increasingly complex strings of characters required
today for secure access codes.
Yet the greater advantage of geography-based passwords, Al-Solloum
argues, is that the complexity of the variables behind them—like zoom
level and size, shape, and angle of the highlighting marks—makes them
incredibly hard to crack. Even if major websites like Facebook didn’t
adopt the technology, it still could be used independently, Al-Solloum
suggests. A map program on your desktop could transform data from your
selected place into a long, seemingly random string of characters for
you to copy and paste. Though you wouldn’t have a password actually
made of geographical points in this case, you’d still have a highly
secure alphanumeric code that you’d never have to memorize. Because of
the high-security benefits, the password would also rarely require
changing.
Ultimately, the popularity of geography-based passwords probably
depends on the abilities of those who develop them to balance
complexity with accessibility. Places are easy to remember, but no one
wants to spend five minutes in a complicated program locating their
favorite ice cream shop and then drawing an exact triangle around it.
“[U]sers will start learning how to enter their GeoGraphical Passwords
quickly and will eventually develop their own techniques to speed up
finding their secret GeoGraphical spot,” Al-Solloum told me over
email.
Even if he’s right, it’s hard to imagine a geography-based password
taking less time to input than “123456″ any time soon.