Last month, it was announced that the most common password used online in 2013 was “123456.” Next was “password,” then “12345678.” For users not guilty of employing one of these supremely crackable codes, it’s still not hard to see where those who do are coming from. From email to social media to online banking, unlocking our digital lives involves so many different keys that it can become a tedious task to find the right one. Sacrificing a bit of security just makes things a little more convenient.
Now, a cyber security researcher named Ziyad S. Al-Salloum believes he has a way of making online passwords easier to remember and harder to crack: He calls it the “GeoGraphical” password.
It’s easier to associate websites with cities we’ve been to on vacations than with the increasingly complex strings of characters required today for secure access codes.
Basically, the method employs geographical data as opposed to alphanumeric characters as the building blocks of online access codes. Imagine that when you type your username into Facebook, there is no longer a simple box to the right in which you enter M!leyCyrus4LYFE93. Instead, a searchable, zoom-capable world map, à la Google Maps, appears on the screen. On this plane, you’re free to create your password by drawing any shape around any landmark you want: You could drop pinpoints to create a square around Missouri, or zoom in and circle the swimming pool in your old neighbor’s backyard. Only that specific configuration would allow you to log in.
In a recent study on the effectiveness of this technology, Al-Solloum contends that geography-based passwords are ideal because humans have a much harder time recalling numbers and letters than places. It’s easier to associate websites with cities we’ve been to on vacations than with the increasingly complex strings of characters required today for secure access codes.
Yet the greater advantage of geography-based passwords, Al-Solloum argues, is that the complexity of the variables behind them—like zoom level and size, shape, and angle of the highlighting marks—makes them incredibly hard to crack. Even if major websites like Facebook didn’t adopt the technology, it still could be used independently, Al-Solloum suggests. A map program on your desktop could transform data from your selected place into a long, seemingly random string of characters for you to copy and paste. Though you wouldn’t have a password actually made of geographical points in this case, you’d still have a highly secure alphanumeric code that you’d never have to memorize. Because of the high-security benefits, the password would also rarely require changing.
Ultimately, the popularity of geography-based passwords probably depends on the abilities of those who develop them to balance complexity with accessibility. Places are easy to remember, but no one wants to spend five minutes in a complicated program locating their favorite ice cream shop and then drawing an exact triangle around it.
“[U]sers will start learning how to enter their GeoGraphical Passwords quickly and will eventually develop their own techniques to speed up finding their secret GeoGraphical spot,” Al-Solloum told me over email.
Even if he’s right, it’s hard to imagine a geography-based password taking less time to input than “123456” any time soon.