The international coverage of, and interest in, the recently introduced GeoGraphical Passwords showed how eager people are for solutions that mitigate the vulnerabilities of conventional passwords. Below are a few FAQs about geographical passwords.
A geographical password is a password that has been constructed based on geographical information.
For full details, please refer to the paper titled “GeoGraphical Passwords” published in the International Journal of Security and Networks (IJSN), available free for anyone at: https://www.inderscience.com/admin/ospeers/getSource.php?id=64160&fid=1148952&fromonsusy=yes [PDF]
ZSS Login is the world's first geographical password solution. It utilises the remarkable human ability to remember places as a way to provide safe access, where users can select geographical locations (such as favorite mountains, trees, rivers, or other places) as their very strong access credential to different systems.
When a user picks a place on planet Earth, the geographical characteristics of that place are extracted and instantly keyed-hashed, forming a very strong, yet easy to remember, geographical password.
The geographical password produced looks something like this:
And each user has her own 256-bit -- randomly generated -- key providing ultra protection to user accounts.
Yes, all ZSS Login processing and storage happens on the client's side. For example, the personal key, website links, and user IDs are created on the client machine and do not leave the client machine at all (promoting trust-no-one security). However, typical Google Maps browsing requests (zoom in, zoom out, etc.) go directly from the client machine to the Google Maps HTTPS secure server. Note that such browsing requests do not help the maps provider reveal a geographical password, thanks to users' personal keys.
No. ZSS Login does not store any passwords at all. Geographical passwords are generated instantly as soon as the user clicks on a geographical location.
No. If graphics are used in geographical password systems, they are included for ease of use (or user preference) and are not a vital component of geographical passwords.
Please note that a geographical password can be constructed entirely without using any graphics; this is not the case with graphical passwords.
Read the "GeoGraphical Passwords" paper for more.
| Vulnerability | Conventional Passwords | Geographical Passwords (ZSS Login) | Comments |
| --- | --- | --- | --- |
| Using passwords that are vulnerable to dictionary attacks | Yes | No | Geographical passwords are not based on words (or sequences of letters) that exist in a dictionary. |
| Using passwords that are short enough to be vulnerable to brute-force attacks | Yes | No | The 256-bit randomly generated personal key makes brute forcing ineffective (i.e. cyber criminals need trillions of years to brute force ZSS Login geographical passwords, assuming 100 trillion guesses per second). |
| Using the same password for different accounts | Yes | No | The reasons to use the same password for different accounts do not exist in ZSS Login, as geographical locations are easy to remember. |
| Constructing a password using obvious information, such as birthdays or addresses, making the password easy to guess | Yes | No | The extracted geographical characteristics of the locations selected are keyed-hashed. |
| Avoiding changing the password according to a recommended time interval | Yes | No | Changing a geographical password is easy: users can just pick another place, which will generate a new geographical password. Or users can keep the same geographical location but change the password by changing their personal key. This is a great feature, which allows users to form a completely new password without changing their place preferences. |
| In the event of changing a password, the new password selected by the user is usually not very different from the previous one | Yes | No | A location or a personal key change will result in a completely different geographical password. |
Shoulder surfing is a common problem with many authentication schemes. However, ZSS Login is designed in a way that prevents shoulder surfing.
If two users select the same geographical location, the geographical password generated will be totally different for each user. So if you choose the same junction as it appears in the screenshot above, your geographical password will be totally different. That is because each user has her own 256-bit personal key that makes every geographical password unique to that user. So even if someone saw your geographical location(s), it would be useless to him because he does not know your personal key.
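A sketch of the keyed-hash construction described above, as an added example that is not ZSS Login's code. The page does not name the hash or say how a place is encoded, so HMAC-SHA256 over latitude/longitude rounded to five decimals, the `geo-v1` prefix, and the function names are all assumptions.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

GRID = Decimal("0.00001")  # assumed precision: 5 decimals, roughly 1 m

def new_personal_key() -> bytes:
    """256-bit random personal key; generated and kept on the client."""
    return secrets.token_bytes(32)

def _quantize(value, limit: int) -> str:
    """Snap one coordinate to the grid so nearby clicks encode identically."""
    d = Decimal(str(value))
    if not d.is_finite() or abs(d) > limit:
        raise ValueError(f"coordinate out of range: {value!r}")
    d = d.quantize(GRID)
    if d == 0:
        d = abs(d)  # fold -0.00000 into 0.00000
    return format(d, "f")

def canonical_place(lat, lon) -> bytes:
    """Deterministic byte encoding of a picked place (assumed format)."""
    return f"geo-v1|{_quantize(lat, 90)}|{_quantize(lon, 180)}".encode()

def geographical_password(key: bytes, lat, lon) -> str:
    """Keyed hash of the place; nothing is stored, it is recomputed per click."""
    if len(key) != 32:
        raise ValueError("personal key must be 256 bits")
    return hmac.new(key, canonical_place(lat, lon), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    alice, bob = new_personal_key(), new_personal_key()
    spot = (48.858370, 2.294481)  # constructed sample coordinates
    print("alice:", geographical_password(alice, *spot))
    print("bob:  ", geographical_password(bob, *spot))  # same place, new key
    print("alice, other place:", geographical_password(alice, 48.86000, 2.29448))
```

Two clicks that straddle a grid-cell boundary encode differently and so yield different passwords; a real design has to pick the grid (or snap to named map features) with that in mind.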
This technology will revolutionize how people think about passwords: users won't be thinking of numbers, letters, or symbols; they will instead think of rivers, mountains, trees and other geographical locations.
And it is suitable for all ages!
ZSS Login can be downloaded free by everyone.
Download the app and watch the tutorials.