Security IT

Map Based Passwords 169

smitty777 writes "Discovery is running an article on passwords based on a very specific location on a map. Instead of showing UID and Password fields, the user would simply click on a very specific spot on Google Earth, for example. I wonder how you would make that secure? Also, if you forgot, would you get a message saying 'Your password is the third flamingo on the left on the lawn of Aunt Bessie's house'?"
This discussion has been archived. No new comments can be posted.

  • Brilliant... (Score:2, Insightful)

    by Anonymous Coward on Wednesday September 29, 2010 @03:00PM (#33738290)

    ... and when the internet link is down or God forbid, Google Earth is down, users login how?

  • by bieber ( 998013 ) on Wednesday September 29, 2010 @03:03PM (#33738326)
    ...this one is easy enough to crack just by shoulder-looking. And of course there's the issue of needing to load a ton of map data just for a simple password entry, and if the map provider is out you're screwed. Plus the hassle of zooming down from a world-map to some specific point every time you want to get into a site. Need I go on?
  • not dumb (Score:3, Insightful)

    by Tom ( 822 ) on Wednesday September 29, 2010 @03:40PM (#33738876) Homepage Journal

    It's not half as dumb as the summary makes it sound.

    For security, what matters is the keyspace and the likelihood of guessing correctly. The keyspace easily competes with alphanumeric passwords. It is dramatically reduced by the assumption that people will pick places with meaning to them, which means places they've been to. Nevertheless, it should measure up to passwords in security.

    Different from passwords, though, the human mind is pretty well equipped to recall specific places. Arbitrary alphanumeric combinations, on the other hand, are amongst the most difficult things to remember and recall.

  • Re:not dumb (Score:3, Insightful)

    by guyminuslife ( 1349809 ) on Wednesday September 29, 2010 @05:54PM (#33740622)
    I've gotta tell you, there's a lot of "empty" space out there.

    Take the world.
    Subtract the oceans.
    Subtract the areas without any human settlements.
    Subtract the areas without any features to distinguish them from surrounding areas. (Big, endless plains, random points in large forests, maybe even suburban rooftops)

    You've gotten rid of most of the world.

    Now, find the user's IP address.
    Search for interesting features locally. There aren't that many of them. Sure, you *could* try writing an advanced image-processing system to do this, but it's easier just to use Google Earth metadata.
    If you don't find it, search for interesting features regionally/nationally.
    Then, internationally.
    You can be less specific the more you spread your search out. I'm an American, I might choose Westminster Abbey as my password, but I'm not going to select a random flat in London.

    Chances are, you're going to find it.

    This rivals one of the worst-ever security schemes I've seen. A credit union I used to use would let you select a "secret question" from a drop-down list. One of the questions was, "What is your favorite sports team?" This was a credit union that only did business in Dallas. So after you've guessed "Cowboys", "The Cowboys", "Dallas Cowboys", "The Dallas Cowboys"....you've probably gotten it right.
  • Re:not dumb (Score:3, Insightful)

    by Tom ( 822 ) on Thursday September 30, 2010 @08:40AM (#33745732) Homepage Journal

    Here's a vital difference: These things are different for each person.

    Sure, if you are attacking a specific individual, finding out his address, finding his house on Google maps and finding the front door is easy.

    But what you can't do is sweep through an entire University with a list of common passwords and look where you get lucky. You need to actually do some research on the particular person, and that drives costs up considerably. Mass-hacking would be over.
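
As an added example (not part of the thread or the Discovery article), the keyspace question debated in the comments above can be put in numbers: the bits in a uniformly random map click, the alphanumeric length with the same keyspace, and how far the estimate falls when choices cluster on popular landmarks. The 10 m click tolerance, the one million landmarks and the Zipf popularity model are assumptions chosen for illustration, not measurements.

```python
import math

EARTH_SURFACE_M2 = 510.1e12   # total surface area of Earth, about 510.1 million km^2
EARTH_LAND_M2 = 148.9e12      # land area, about 148.9 million km^2
ALNUM_BITS = math.log2(62)    # bits per character of a random [A-Za-z0-9] password

def grid_bits(area_m2, tolerance_m):
    """Bits in a uniformly random click when every click inside the same
    tolerance_m x tolerance_m cell is accepted as the same password."""
    return math.log2(area_m2 / tolerance_m ** 2)

def alnum_equivalent(bits):
    """Length of a random alphanumeric password with the same keyspace."""
    return bits / ALNUM_BITS

def min_entropy_bits(weights):
    """Min-entropy: -log2 of the probability of the most popular choice.
    It bounds what a single best guess per account can achieve."""
    return -math.log2(max(weights) / sum(weights))

def success_after(weights, guesses):
    """Fraction of accounts whose choice is among the `guesses` most popular."""
    return sum(sorted(weights, reverse=True)[:guesses]) / sum(weights)

def zipf_weights(n):
    """Constructed popularity model: the k-th landmark has weight 1/k."""
    return [1.0 / k for k in range(1, n + 1)]

if __name__ == "__main__":
    for label, area in (("whole globe", EARTH_SURFACE_M2),
                        ("land only", EARTH_LAND_M2)):
        b = grid_bits(area, 10)  # assumed 10 m click tolerance
        print(f"{label}: {b:.1f} bits, about {alnum_equivalent(b):.1f} "
              "random alphanumeric characters")
    w = zipf_weights(1_000_000)  # assumed: one million memorable landmarks
    print(f"uniform over landmarks: {math.log2(len(w)):.1f} bits")
    print(f"min-entropy under Zipf popularity: {min_entropy_bits(w):.1f} bits")
    print(f"share matched by the 100 most popular: {success_after(w, 100):.1%}")
```

The uniform figures are an upper bound; a site sizing lockout and rate limits would work from the skewed figures, since those describe how users actually choose.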
