Tuesday, September 21, 2010

Online Maps May Be the Next Best Password Technology

MSNBC has an interesting article on how interactive, online maps may be the next step in encryption/decryption technology.  The key take away paragraphs are

Speaking at the New York Institute of Technology Cyber Security Conference this past Wednesday, Cheswick described how users could memorize the exact spot on a satellite photo, with the longitude and latitude serving as the access code. By zooming down through the map to the high level of resolution, users can graphically produce a nearly unbreakable password that neither people nor viruses could track.


By using a map with zoom, this new method renders those mouse-tracking programs useless. Sure, the virus  will know where the mouse clicks, but unless it knows what map the user is looking at, and how deeply zoomed in they are, the hacking program can’t record the longitude and latitude that serve as the password. 

So your password protocols could be to click on the church on the map or largest parking lot.  While not geography exactly, this could be a neat tie in between maps and non-geography based computer science.


Twelve Mile Circle said...

Thanks for posting this. I’ve been bedeviled by attempted spam comments on my blog for ages, as I’m sure you have, and have been frustrated by the various methods used to thwart them. I would find it extremely satisfying to have a map-based password and verification scheme for my geography-based website. It would be poetic justice.

Ryan said...

This is a timely post for me as well. I just had a hotmail account hacked for the first time in about ten years. Very frustrating.

It's cool to think about the tasks we as humans think are quite simple, such as recognizing certain objects in pictures. Amazon's Mechanical Turk had a job for a while that had thousands of pictures (google street view like) that needed the presence of a guard rail verified. Pretty simple. But at a penny a slide, not very profitable.

I love the idea of this type of visual password.

I can just see the errors "You can not use this location because a user cannot use their house as their visual passkey".