Between super-powered hacker computers and keystroke recording malware, traditional passwords may no longer be secure enough. To overcome these problems, computer scientist Bill Cheswick has devised a new method for logging into secure areas: clicking on a map.
Speaking at the New York Institute of Technology Cyber Security Conference this past Wednesday, Cheswick described how users could memorize the exact spot on a satellite photo, with the longitude and latitude serving as the access code. By zooming down through the map to a high level of resolution, users can graphically produce a nearly unbreakable password that neither people nor viruses could track.
“The key idea is that you have a data set with very deep data, and you have to drill down. You could drill down on a map of anything. Probably better if it’s a map of someplace you’ve never been, so you’re not tempted to pick your childhood home,” said Cheswick, a scientist at AT&T Research. “You could have a 10-digit latitude, and a 10-digit longitude, then you have a 20-digit password.”
Computer security protocols that involve clicking on a picture instead of typing a password have existed for 15 years. While clicking on a photo does defeat hacking programs that use dictionaries to break passwords, specially designed programs have evolved over the last decade that track mouse location specifically to break picture-based passwords.
By using a map with zoom, this new method renders those mouse-tracking programs useless. Sure, the virus will know where the mouse clicks, but unless it knows what map the user is looking at, and how deeply zoomed in they are, the hacking program can’t record the longitude and latitude that serve as the password.
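The sketch below is an added illustration, not Cheswick's implementation or code from the talk: it converts one logged click position into a 20-digit latitude/longitude secret under different map views, showing that the pixel position alone does not reproduce the stored secret. The Web Mercator projection, the 1024x768 viewport, the digit encoding, the PBKDF2 storage and all sample coordinates are assumptions constructed for the example.

```python
import hashlib, hmac, math

TILE = 256  # assumption: Web Mercator tiles, 256 px wide at zoom 0

def pixel_to_latlon(px, py, center_lat, center_lon, zoom, width=1024, height=768):
    """Convert a click at screen pixel (px, py) to (lat, lon) for one viewport."""
    scale = TILE * 2 ** zoom                      # world width in pixels
    cx = (center_lon + 180.0) / 360.0 * scale     # viewport centre, world px
    s = math.sin(math.radians(center_lat))
    cy = (0.5 - math.log((1 + s) / (1 - s)) / (4 * math.pi)) * scale
    wx, wy = cx + px - width / 2, cy + py - height / 2
    lon = wx / scale * 360.0 - 180.0
    lat = math.degrees(math.atan(math.sinh(math.pi * (1 - 2 * wy / scale))))
    return lat, lon

def secret_digits(lat, lon):
    """Assumed encoding: 10 digits each, offset to be non-negative, 1e-7 degree units."""
    return f"{round((lat + 90) * 1e7):010d}{round((lon + 180) * 1e7):010d}"

def enroll(secret, salt):
    """Store only a salted, slow hash of the secret (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def verify(secret, salt, stored):
    """Constant-time comparison; exact match only (no click tolerance modelled)."""
    return hmac.compare_digest(enroll(secret, salt), stored)

# Constructed sample data: the click position is what a mouse logger records;
# the viewports are state the logger does not see.
CLICK = (612, 344)
VIEW_REAL = dict(center_lat=-41.2865, center_lon=174.7762, zoom=18)
VIEW_GUESS_ZOOM = dict(center_lat=-41.2865, center_lon=174.7762, zoom=12)
VIEW_GUESS_MAP = dict(center_lat=64.1466, center_lon=-21.9426, zoom=18)
SALT = bytes(16)  # fixed for a reproducible demo; use os.urandom(16) per user

def demo():
    real = secret_digits(*pixel_to_latlon(*CLICK, **VIEW_REAL))
    stored = enroll(real, SALT)
    guesses = [secret_digits(*pixel_to_latlon(*CLICK, **v))
               for v in (VIEW_GUESS_ZOOM, VIEW_GUESS_MAP)]
    return real, verify(real, SALT, stored), [verify(g, SALT, stored) for g in guesses]

if __name__ == "__main__":
    print(demo())
```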
To date, Cheswick has not done any usability studies on this technique, so he’s unsure whether or not it is easy enough for use by the general public. However, with the threat of password-cracking hackers increasing by the day, convenience of use may have to take a back seat to security.