The recent security breaches have proven that users are not very well protected using conventional passwords,
that is because people just don't like to memorize a long list of characters, which leads to many vulnerabilities that ZSS Login mitigates.
Vulnerability |
Conventional Passwords |
Geographical Passwords (ZSS Login) |
Comments |
Using passwords that are vulnerable to dictionary attacks |
Yes |
No |
Geographical passwords are not based on words (or sequence of alphabets) that exist in a dictionary. |
Using passwords that are short enough to be vulnerable
to brute-force attacks. |
Yes |
No |
The 256-bit randomly generated personal key makes brute forcing ineffective (i.e. Cyber criminals need trillions of years to brute force ZSS LOGIN geographical passwords, assuming 100 trillion guesses per second) |
Using the same password for different accounts |
Yes |
No |
The reasons to use the same password for different accounts does not exist in ZSS Login, as geographical locations are easy to remember. |
Constructing a password using obvious information,
such as birthdays or addresses, making the password
easy to guess |
Yes |
No |
The extracted geographical characteristics of the locations selected are keyed-hashed. |
Avoid changing the password according to a
recommended time interval. |
Yes |
No |
Changing a geographical password is easy, users can just pick another place, which will generate a new geographical password. Or users can keep the same geographical location, but change the password by changing their personal key. This is a great feature, which allows users to form a completely new password without changing their place preferences. |
In the event of changing a password, the new password
selected by the user is usually not very different from
the previous one. |
Yes |
No |
A location or a personal key change will result in a completely different geographical password. |