Ziyad Al-Salloum of ZSS-Research in Ras Al Khaimah, UAE, has devised geographical passwords as a simple yet practical approach to access credentials that could provide secure access to different entities.
The new "geo" approach exploits people's remarkable ability to recall with relative ease a favourite or visited place and to use that place's specific location as the access credentials.
The prototype system, developed at ZSS-Research, has proven itself capable of protecting a system against known password threats, researchers said.
"Proposing an effective replacement of conventional passwords could reduce 76 percent of data breaches, based on an analysis of more than 47,000 reported security incidents," Al-Salloum said.
The geographical password system utilises the geographical information derived from a specific memorable location around which the user has drawn a boundary: longitude, latitude, altitude, area of the boundary, its perimeter, sides, angles, radius and other features form the geographical password.
For instance, the user might draw a six-sided polygon around a geographical feature such as the Eiffel Tower, Uluru (also known as Ayers Rock), a particular promontory on the Grand Canyon, a local church, a particular tree in the woodland where they walk their dog or any other geographical feature.
Once created, the password is then "salted" by adding a string of hidden random characters that are user-specific, and the geographical password and the salt are "hashed" together.
Thus, even if two users pick the same place as their geographical password, the behind-the-scenes password settings are unique to them.
The research was published in the International Journal of Security and Networks.
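The salting and hashing step described above can be sketched as follows; this is an added example, not code from the article or from ZSS-Research. The vertex encoding, the four-decimal rounding, the function names and the use of PBKDF2-HMAC-SHA256 as the hash are all assumptions, since the article does not specify them.

```python
import hashlib
import hmac
import os

# Constructed sample boundary: six (latitude, longitude) vertices near the
# Eiffel Tower. The values are illustrative, not taken from the article.
SAMPLE_POLYGON = [
    (48.8590, 2.2935), (48.8590, 2.2955), (48.8584, 2.2965),
    (48.8577, 2.2955), (48.8577, 2.2935), (48.8584, 2.2925),
]


def encode_boundary(vertices, places=4):
    """Canonical byte encoding of a drawn boundary (assumed format).

    Coordinates are scaled to integers at a fixed precision, and the vertex
    list is rotated to start at its smallest vertex, so the same polygon
    entered from a different starting corner encodes identically.
    Reversed drawing direction is not normalised here.
    """
    scale = 10 ** places
    pts = [(round(lat * scale), round(lon * scale)) for lat, lon in vertices]
    start = pts.index(min(pts))
    pts = pts[start:] + pts[:start]
    return ";".join(f"{lat},{lon}" for lat, lon in pts).encode("ascii")


def enroll(vertices, iterations=200_000):
    """Create the stored record: a per-user random salt plus a slow salted hash."""
    salt = os.urandom(16)  # user-specific, never derived from the location
    digest = hashlib.pbkdf2_hmac("sha256", encode_boundary(vertices), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(record, vertices):
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", encode_boundary(vertices), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    alice = enroll(SAMPLE_POLYGON)
    bob = enroll(SAMPLE_POLYGON)  # same place, different user
    print("same stored hash:", alice["hash"] == bob["hash"])
    print("alice verifies:", verify(alice, SAMPLE_POLYGON))
```

Because each record carries its own random salt, a precomputed table of hashes for well-known landmarks cannot be reused across users.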