With an ever-increasing cases of online account hacking being reported, it’s
getting difficult to protect passwords and keep the accounts safe. But worry
A computer scientist has devised what he calls ‘geographical passwords’ to
protect online accounts and keep the hackers at bay.
Computer scientist Ziyad Al-Salloum of ZSS-Research in Ras Al Khaimah,
UAE, has devised ‘geographical passwords’ as a simple yet practical approach
to access credentials that could provide secure access to different entities.
The new ‘geo’ approach exploits our remarkable ability to recall with relative
ease a favourite or visited place and to use that place’s specific location as
the access credentials.
The prototype system developed at ZSS-Research is capable of protecting a
system against known password threats.
“It’s much easier to remember a place you have visited than a long,
complicated password,” argued Al-Salloum.
Even strong, but conventional passwords are a security risk in the face of
increasingly sophisticated “hacker” tools that can break into servers and
apply brute force to reveal passwords.
Indeed, over the last few years numerous major corporations and
organisations – LinkedIn, Sony, the US government, Evernote, Twitter,
Yahoo and many others – have had their systems compromised to different
“Proposing an effective replacement of conventional passwords could reduce
76 percent of data breaches, based on an analysis of more than 47,000
reported security incidents,” stressed Al-Salloum.
The geographical password system utilises the geographical information
derived from a specific memorable location around which the user has logged
a drawn boundary – longitude, latitude, altitude, area of the boundary, its
perimeter, sides, angles, radius and other features form the geographical
Once created, the password is then “salted” by adding a string of hidden
random characters that are user-specific and the geographical password and
the salt “hashed” together.
Thus, even if two users pick the same place as their geographical password
the behind-the-scenes password settings is unique to them.
If the system disallowed two users from picking the same location, this would
make it much easier for adversaries to guess passwords.
The research was published in the International Journal of Security and