Online Passwords Could Be a Map

By JakeSeptember 29th, 2010 5 Comments

Online Passwords Could Be a Map : Discovery News (h/t Slashdot)

Interesting idea. I’ve been using 1Password for a while now, thanks to nudges from Paul (@ppedrazzi) and Rich (@rmanalan), but one danger is using that strong, random, automatically-generated passwords means I’ve no idea what my Facebook or Google password is.

Therefore, I’m at the mercy of 1P’s clients and its database.

The idea of using lat-long coordinates as the password, as entered by a map is highly intriguing. I’d feel much more secure with that system.

Thoughts?


Possibly Related Posts

  • http://www.matttopper.com topperge

    Are you trying to call me out of my cave? His justification that a hacker can’t snoop your location on the map is BS. Google renders the images for the squares on the map with static file names. If the hacker has control of your browser and the position of your mouse click within it he most definitely can capture all the inbound images and all of your mouse clicks and paths to slip the map round the screen to figure out the location you’re clicking on. It’s a good idea and stronger than most peoples passwords, but just as hackable as capturing keystrokes and mouse clicks. I prefer one time use passwords that send me a text on my phone and PKI certificates, but that’s just me.

  • http://theappslab.com Jake

    Wow, a Topper sighting. I thought it was a clever option, and I still do, even after you debunked the non-hackability. If you’ve lost your browser to a keylogger, you’ve got worse problems frankly.

    I also prefer PKI and two-part auth, like Google is rolling out soon, but this is a solid option.

  • joel garry

    As I read it, I though “shoulder surfing,” as apparently the first poster there did too.

    And I had just read http://catless.ncl.ac.uk/Risks/26.17.html#subj13

  • http://theappslab.com Jake

    Yeah, that would be pretty easy I suppose, assuming you could glean the exact location. Interesting article. Schneier’s quote about amateurs vs. pros is interesting. I think the amateurs do just fine attacking machines, i.e. vulnerabilities. I guess pros do right to attack the person, but it’s a weird comparison, especially without context for the comparison.

    Maybe I missed the context.

  • http://twitter.com/theappslab/statuses/25913782139 theappslab (theappslab)

    Twitter Comment


    Online Passwords Could Be a Map [link to post]

    Posted using Chat Catcher