The geographical password system utilizes the geographical information derived from a specific memorable location around which the user has logged a drawn boundary- longitude, latitude, altitude, area of the boundary, its perimeter, sides, angles, radius and other features to form the geographical password.
The prototype system developed by ZSS-Research in Ras Al Khaimah, UAE has proven itself capable of protecting a system against known password threats.
Scientists say that the guessability or entropy of a geographical password would increase significantly if the password comprised two or more pinpointed locations. They claim that an earth map might have 360 billion tiles at 20 degrees of "zoom" which offers an essent ially limitless number of essentially unguessable geographical passwords.
"Proposing an effective replacement of conventional passwords could reduce 76% of data breaches based on an analysis of more than 47,000 reported security incidents," said computer scientist Ziyad Al-Salloum of ZSS-Research.
Al-Salloum emphasizes how increasingly complicated our online lives are becoming with more and more accounts requiring more and more passwords.
The user might draw a six-side polygon around a geographical feature such as the Eiffel Tower, Uluru, a particular promontory on the Grand Canyon, a local church, a particular tree in the woodland where they walk their dog or any other geographical feature.
Once created the password is then "salted" by adding a string of hidden random characters that are user-specific and the geographical password and the salt "hashed" together. Thus even if two users pick the same place the settin gs will be unique to them.
If the system disallowed two users from picking the same location it would make it much easier for adversaries to guess passwords.
Al-Salloum added that strong but conventional passwords are a security risk in the face of increasingly sophisticated "hacker" tools that can break into servers and apply brute force to reveal passwords. Over the last few years numerous major corporations and organizations have had their systems compromised to different degrees and overall millions of usernames and associated passwords have been harvested and even leaked online.
via Technology - Google News http://ift.tt/1cNS4WA
Put the internet to work for you.
0 comments:
Post a Comment