back to article New password system lets planet Earth do the hard work

Log-in credentials derived from geographical information could reduce the majority of data breaches by providing an almost uncrackable replacement for conventional passwords, according to security researchers. ZSS-Research of Ras Al Khaimah in the UAE has developed a system which requires users to choose a favourite place …


This topic is closed for new posts.
  1. Cliff

    Variant of features on a photo

    A couple of years back The Reg had an article about passwords where the user would draw over some notable features in a photo, sounds like the same thing.

    Problem is for my password for say the Royal Albert Hall Ticket Office, aren't I going to trace the RAH? Along with everyone else...

    1. Gav

      Re: Variant of features on a photo

      And the reason why the "draw on an image" password method was rubbish was because people would be very unimaginative and pick out the things practically everyone would.

      No matter what you do, if you are going to leave it to people to self select their method of identification you will always have people who pick bad/obvious identifiers.

  2. Christian Berger

    How much enthropy is there?

    I mean you somehow need to get information from the user to the system. It's easy to calculate how much information you can type, it's harder to estimate how many bits you can extract out of that kind of scheme.

    1. big_D Silver badge

      Re: How much enthropy is there?

      It also sounds like it won't stop the 1 password per site/service problem.

      I still think SQRL from Steve Gibson has more potential...

  3. Anonymous Coward
    Anonymous Coward

    Not much better than regular passwords

    How many people will choose the Eiffel Tower, the top of the Empire State Building, or some other well-known landmark? Will the system have to enforce not choosing such spots the same way you're forced not to use "password" as your password?

    Even if you choose a place that wouldn't be guessed by strangers, what about your friends? What about your ex-wife, who knows you very well, trying to choose locations she wouldn't guess but you could still remember well?

    Even if all those concerns are avoided, if your "password" becomes known just once, then you need to think of a new location. Plus, you wouldn't want to use the same location for your bank as Facebook, so you'll need multiple locations.

    Seems like it has all the problems passwords do.

    1. F111F

      Re: Not much better than regular passwords

      Me, I'm gonna pick that special place I go to whenever I read The Register...

      Mine's the one with the hole in the pocket...

    2. Anonymous Coward
      Anonymous Coward

      Re: Not much better than regular passwords

      "Seems like it has all the problems passwords do."

      But think of the password policy fun!

      * Cannot use location on the same continent for <insert choice here>.

      * Password fails atlas lookup.

      * If you have been there we would really like to talk to you...

      * .....

      1. johnnytruant

        Re: Not much better than regular passwords

        "Your password must contain at least one tree or traffic light, and an uppercase building"

  4. DropBear


    As someone who keeps dicking around with online maps a lot, I can't help noticing that selecting a specific location on a map (ie. zooming into it from a suitably generic start level) is not exactly a fast operation - I bet I could type even my longer passwords faster than that. Also, this sounds like it's aerial-view based (if you might see a tree on it) - so what happens when your map supplier updates the imagery, and your chosen spot suddenly becomes an invisible white smudge in a white field of... snow?

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmm...

      > so what happens when your map supplier updates the imagery, and your chosen spot suddenly becomes ....

      Or a local farmer chops down that tree in a DoS attempt.

  5. Pete 2 Silver badge

    I already have a geographically based password system

    I know where my passwords are written down.

    Seriously, most websites that ask for passwords don't need them - or only need trivial examples as what they "protect" is, to all intents and purposes, worthless. For these sites: the overwhelming majority of sites, keeping the same passwords for all of them and never changing it is perfectly reasonable. Provided websites continue to allow anonymity: i.e. anyone can set up an account using any old "nickname" that hasn't already been used, there isn't even any reputational damage if a bad person does hijack your account.

    There are some sites: banks, any website that you make payments to/from, HMRC, places where you expose contact information to people you know (since you owe them a duty of care) where it is wise to keep passwords under wraps - and not use the same one that you would on snail fanciers forum. However, for those a solid password is at least as good as trying to remember a location (who would NOT choose the location of their house, or the bank branch in question?) and is easier to record, if you have a geographically based password system like mine.

    1. Lusty

      Re: I already have a geographically based password system

      I think the vast majority could just email a one time token to you when you visit and have no password at all. The problem is that the coders who write the website often put it in because they think they should put it in.

  6. Al_21

    Ye old look over shoulder

    Surely this will make it easier for people to look over your shoulder when you're logging in and make it easier to steal passwords?

    Text passwords are harder because it's often too long and difficult for people to keep track when I type it in, especially with the use of the Shift key for capitals or special characters.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ye old look over shoulder

      > Surely this will make it easier for people to look over your shoulder when you're logging in and make it easier to steal passwords?

      Your password will be protected by showing a black rectangle instead of the actual map.

  7. John Smith 19 Gold badge

    Theoretically clever.

    But a bit pants IRL?

  8. DJ 2

    I have this very special place

    it's a little wave, around 19 / -130 but google doesn't show pictures of waves anymore, how am I going to find it?

  9. Graham Marsden

    So how...

    ... is this going to stop people picking their house as their "special location" which is going to be as secure as using their birthday?

  10. Justin Stringfellow


    because the average luser will just draw round their house.

    I look forward to seeing the 80x24 terminal implementation.

    1. James 100

      Re: crap

      That's one obvious flaw - not so much for 80x25 terminals, but Braille-readers and similar: how exactly do blind people draw on a map they can't see? Passwords are fine, they can touch-type, but a map?

      Even an 'obvious' location won't be as obvious as a password of 'password' though: ok, the Eiffel Tower is a major landmark - but so's the Empire State Building, Niagara Falls, the Leaning Tower of Pisa ... if I were to tell you I'd picked an obvious major landmark as mine, which would it be?

      My brother might pick the church he got married in - or the hotel the reception was in, or the one the honeymoon was in. Or maybe the first school we both attended, or the house we lived in at the time (both in the countryside, so easy to pick out on a map) - ALL 'obvious' places to someone who knows him well, so which would it be? Those span two continents and only one is within a few miles of his home, and I could think of another dozen equally "obvious" places he might pick instead.

      Compare that with the usual: mother's maiden name, place of birth, siblings and offspring? All listed on Facebook, for a lot of people! Much easier to find. Add a hint like "bad NY hotel" and you have a specific building I could find in 10 seconds on Google Maps - and it's not in New York, either, that would be too obvious.

      1. Anonymous Coward
        Anonymous Coward

        Re: crap

        > That's one obvious flaw - not so much for 80x25 terminals, but Braille-readers and similar: how exactly do blind people draw on a map they can't see?

        Using Logo?

        1. Bloakey1

          Re: crap

          > That's one obvious flaw - not so much for 80x25 terminals, but Braille-readers and similar: how exactly do blind people draw on a map they can't see?

          "Using Logo?"

          No, using Broil!

          Errr, I am sorry I will feel that again. Ahh, Braille.

          I'll take that dood in the death zone on Everest! The one with the blue boots.

  11. Michael H.F. Wilkinson


    will it allow me to draw a contour around 10^8th Astral Crescent, Zoovroozlechester, Betelgeuse V?

    Sorry, time to get me coat, it appears. The one with the extra sleeve please

  12. Vociferous

    Summer home replaces pet name.

    Also, how is it easy to remember a freehand drawing around an object on a map? Either they need to limit how/what you select a lot, drastically reducing the degrees of freedom, or you'll have a hard time drawing the exact same bounding box.

    For most users it is sufficient to use a password manager (I strongly recommend LastPass) and let it manage your long, unique, random passwords.

    Now if only someone could do something about sites which limit the length of passwords to some low value and do not allow special characters...

    1. Tom 260

      Re: Summer home replaces pet name.

      You'd have to trace some key features around your target area (so if a tree, trace either it's foliage or a set of trees that surround it), which is fine until the satellite picture updates and there are changes that muck things up (two trees down in the storms, or the satellite has a different perspective so tall objects appear to shift).

  13. Anonymous Coward
    Anonymous Coward

    I really don't think they've thought about this

    Surely, the input method for this is going to be exceptionally complicated? I want to select Taipei 101... so I have to go hunting on some map for Taiwan, find Taipei, and so on? And do that each time I login?

    Or I suppose they could simplify the interface to a text box, and I can type in 'Taipei 101' as my password. Which I could do right now of course.

  14. detritus


    I can't find a reference, but I coulda sworn this was mooted at least a couple of years ago?

    ...or did I dream the idea and have been sitting on a potential gold mine all this time?

    Say it ain't so!

  15. Spoddyhalfwit

    More detail

    How will this work in practice? The world is a big place - so I assume you don't have to zoom in from a world map. I recall frightening statistics about how many Americans can't find the USA on a world map, and I would imagine things aren't that different for some Brits. If they can't find their own country how might they find another one, or find their town, let alone "special place" on a world map.

    So perhaps instead I first have to enter "wall street new york" and then click/circle a particular area of that location - probably a little better, but ultimately you're still defining a single bit of data that can be used to login if an attacker gets it.

    2 factor authentication must be the way to go - where a memorized password is combined with some kind of physical token.

  16. BongoJoe

    My favourite sheep...

    ...but it keeps moving!

  17. Jim 59


    It seems that any hard-to-guess password scheme will always be confoundedly hard to remember. This scheme is not an exception. It is easy to remember one location, but 23 or 123 locations would be no easier that 123 passwords. The same applies to the "keypad pattern" idea talked about a few years ago.

    I would say large entropy and hard-to-remember is actually the same thing.

  18. PyLETS

    Problem mainly solveable using standards

    Having to remember and input passwords makes any online system depending upon these weak.

    The banks have (largely) solved this by giving everyone a uniquely keyed device with a trivial secret needed with it (chip and pin) and issuing all merchants with a device it plugs into. Something you have and something you know. A standard intended to be usable by any number of servers and users for any number of applications has to be able to do at least as good as this. Initially I think it will be an application run on mobile phones which have the standards compliant embedded crypto chip which can sign stuff or one time entry tokens as you. Those wanting a device which hasn't got other (non security) applications will be able to find such on the open market once the API and network standards etc are well enough defined. Goes without saying these devices should be able to talk securely over Wifi, USB and Bluetooth - mobile phone apps already do. Maybe the SIM card could have some useful crypto extras standardised for this.

    If you want better than something you know and something you have, then not too difficult to add a fingerprint reader - something you are, but knowledge of your biometric used to unlock your device need be known only by the user and the security device the biometric unlocks.

    The obvious userid is any email address which can be routed to message the security device. No harm and much benefit in having more than one which a security device can sign for. The obvious PKI where certificates for such device keys should be stored and found is DNSSEC.

    No such solution will ever be perfect. Questions to ask about new proposed solutions like this are whether it is usable, affordable, open to all developers, and better than what was used for this purpose previously.

  19. wikkity

    Location Salted?

    "geographical information such as longitude, latitude, altitude and the length of the boundary to form the password, which is salted"

    I thought a scorched earth policy was outlawed under the Geneva convention?

  20. Anonymous Coward
    Anonymous Coward

    failure to understand the route cause

    This won't help victims from malware that takes screen-video of the location zoom-in, or shoulder-surfers, or ex-partners...

    The problem is with static authenticators - doesn't matter if it's text, a picture, a pattern - if the password is a static bunch of 1s and 0s then it can be stolen or guessed/cracked without the knowledge of the owner.

    One-time-codes are the only way. But the interwebs-thingy is too (relatively) new for the masses to accept OTCs. Just give it a few more years and it will be a no-brainer for our young padawans.

  21. Mark 85

    So if the landmark is destroyed, then what?

    Say, third tree on the left in Farmer Brown's field and the farmer cuts it down? Or that old house out on the country road and it burns down? Or the North Korean's nuke Seattle?

  22. Old Handle
    Paris Hilton

    I'm having a hard time imagining how this system would balance the needs for freedom, repeatability, and hashing. You need a good deal of freedom, or detail in other words, to select what you want who the whole thing loses its appeal. But enough detail to select a tree is also enough detail to create ambiguity in the outline of a hotel. And of course it's also critical that you be able to select the same area again next time from memory. The obvious solution would be to allow a small amount of error, but how can you compare a fuzzy figure to a hash? I guess you could individually test for all possible combinations of off-by-one errors, but I'm not sure that would really be good enough and it would become impractical fast with more than a few variables.

  23. bill 27


    Gimmee a IPV6 address and I'll append my mothers maiden name to the end of it as I type all of it in binary format at the prompt, to shorten the work perhaps hex would work.

    I saw an article about how many square ft/m each IP could be assigned to.

  24. Gav

    Where you look tells everyone what your location is

    The only way this could work is if each computer has one massive atlas database stored locally. Otherwise each time someone logs in, it's going to have to fetch the atlas data from a central server. That central server therefore contains very a big clues to what all password locations are, and the security of the system relies on one unencrypted point of failure/attack.

    Imagine; each morning user Alice logs in, hitting the atlas server for an image of the postcode area SW1A 1AA. Not going to take much to guess what the password location is.

    1. Zmodem

      Re: Where you look tells everyone what your location is

      you can use google maps with a decent php class for its api

  25. Zmodem

    2 factor login is worthless if you can use the same login for multiple sites, and somebody can steal your cookie and view it in their browser, take the string and base64_decode it in any code language and see a plain text string of your password etc and find the exploit to send it from a remote form

This topic is closed for new posts.

Other stories you might like