Passwords that can never be hacked!
Posted on Feb 16 2014 | IANS
Dubai, Feb 16 : With an ever-increasing cases of online account hacking being reported, it's getting difficult to protect passwords and keep the accounts safe. But worry no more.
A computer scientist has devised what he calls 'geographical passwords' to protect online accounts and keep the hackers at bay.
Computer scientist Ziyad Al-Salloum of ZSS-Research in Ras Al Khaimah, UAE, has devised 'geographical passwords' as a simple yet practical approach to access credentials that could provide secure access to different entities.
At the same time, it would mitigate many of the vulnerabilities associated with current password-based schemes.
The new 'geo' approach exploits our remarkable ability to recall with relative ease a favourite or visited place and to use that place's specific location as the access credentials.
The prototype system developed at ZSS-Research is capable of protecting a system against known password threats.
"It's much easier to remember a place you have visited than a long, complicated password," argued Al-Salloum.
Even strong, but conventional passwords are a security risk in the face of increasingly sophisticated "hacker" tools that can break into servers and apply brute force to reveal passwords.
Indeed, over the last few years numerous major corporations and organisations - LinkedIn, Sony, the US government, Evernote, Twitter, Yahoo and many others - have had their systems compromised to different degrees.
"Proposing an effective replacement of conventional passwords could reduce 76 percent of data breaches, based on an analysis of more than 47,000 reported security incidents," stressed Al-Salloum.
The geographical password system utilises the geographical information derived from a specific memorable location around which the user has logged a drawn boundary - longitude, latitude, altitude, area of the boundary, its perimeter, sides, angles, radius and other features form the geographical password.
Once created, the password is then "salted" by adding a string of hidden random characters that are user-specific and the geographical password and the salt "hashed" together.
Thus, even if two users pick the same place as their geographical password the behind-the-scenes password settings is unique to them.
If the system disallowed two users from picking the same location, this would make it much easier for adversaries to guess passwords.
The research was published in the International Journal of Security and Networks.