Geographical Image Association Provides Greater Password Security

By March 12, 2014

‘GeoGraphical’ passwords, based on visual images drawn from places that hold personal memories for the individual, might be an effective way of overcoming our tendency to choose weak passwords and so help boost password security.

It is not always easy to ensure personal data security. Today the challenge of ensuring secure access to digital systems is growing more complex due to the advent of connected objects and such conveniences as digital medical records, and at the same time the practical aspects of maintaining secure identification credentials are becoming ever more difficult. While ‘Querty’ is quite easy to remember, S@kù{iT is far less so. However, while a cybercriminal will certainly find it much harder to crack the more complicated sequence, the user will still have to be able to remember this non-intuitive password construction! Meanwhile, as the range of online services increases, so does the number of passwords we have to construct and remember, if we want to maintain effective protection. Now Ziyad S. Al-Salloum, founder of cyber security organisation ZSS, has come up with an intuitive solution. The Saudi expert is proposing that, rather than following the traditional text-based approach, we ought to be using a visual recognition solution based on personal geographical associations that will make every password truly unique.

900gage!@#: complicated but not un-crackable!

The above password, which was constructed by an expert hacker to protect the Flame Botnet, embodies a high degree of complexity. However, points out Ziyad Al-Salloum, someone did in fact manage to it decipher it. Computer experts measure the complexity of a password in bits, which denote the amount of effort a cybercriminal would need to apply in order to decipher it. If a hacker can crack a password using common word constructions, the password is said to provide only 10 bits of security.  If a cyber-attacker is able to ‘brute force’ the password offline, it provides 20 bits of security. What Mr Al-Salloum has dubbed the ‘GeoGraphical’ solution offers up to 371 bits. The concept is fairly straightforward. From a range of satellite photographs taken on various scales, you select a number of images which mean something to you personally. The images might be of your own country seen from space or pictures taken from your neighbourhood, but they should be places that hold memories for you. Visual recognition is much easier than memorising a random series of characters, especially as the places selected hold a personal meaning for you. As well as being highly intuitive, this truly personalised entry authentication will be very difficult to hack. And if, as you should, you change your password regularly, this approach will help you to come up with the next one.

A ‘touchy-feely’ approach

Visual recognition techniques applied to passwords are of course not exactly new. Last December for example, researchers at Carnegie Mellon University put forward an image association game with the aim of creating a secure identification system. This approach is part of the drive to bring down all barriers between information and communication technology and the user. From ‘wearable’ devices to the surge in Augmented Reality applications, the potential opened up by ICTs seems to be moving us away from a formal relationship with technology towards a more ‘feelings-based’ approach. 900gage!@#, is a formal, random compartmentalised password, which will fade from the mind much faster than the memory of a place you have actually visited, associated with all the feelings and uniquely personal recollections. If all this seems rather ‘gadgety’, a step too far, or perhaps just a way for developers to infiltrate their technology into the human psyche, we should at least recognise that the GeoGraphical approach to system entry authentication increases the security of our passwords 15-fold.

Legal mentions © L’Atelier BNP Paribas