Back in February, we covered a study by cyber security researcher Ziyad S. Al-Salloum that outlined the possible benefits of "GeoGraphical" passwords—online access codes based on geographical locations instead of alphanumeric characters. Al-Salloum explained that the technology would use online maps like Google Maps to allow people to log in to password-protected sites by highlighting their favorite places or selecting familiar areas on a grid, obviating the need to remember a handful of complex phrases and bolstering security by making passwords harder to crack.
At the time, Al-Salloum was busy developing a pilot program for the idea. Now, his first version is available for free online. The program, called ZSS, works by generating a long string of random characters for selected map locations and storing them as passwords for websites, then entering them automatically into sites when the locations are selected. The passwords remain character-based in this version, so the program, in its current form, really is just a high-tech shortcut to having an extremely intricate (and difficult to remember) login code, but Al-Salloum claims the security difference is still huge. "The 256-bit randomly generated personal key length makes brute forcing ineffective (i.e. 13.12 thousand trillion trillion trillion trillion trillion trillion centuries is required to exhaustively search every geographical password)," he writes on his website. It also avoids common weak-password mistakes like using obvious dates or names or recycling the same phrase on multiple accounts, he says.
You can watch the new program in action in the video below. While ZSS offers clear security benefits if Al-Salloum's claims are true, its success, as discussed in our previous coverage, will depend on the effort people are willing to put in for safety online. Al-Salloum's design looks fairly simple, but synching the program across multiple computers and mobile devices, as well as taking 30 seconds to track down your chosen locations every time you have to sign in somewhere, still isn't as easy as typing in your cat's name followed by your birthday. Do we want to endure a little inconvenience for extra protection? —Paul Bisceglio