Online Passwords Could Be a Map : Discovery News (h/t Slashdot)
Interesting idea. I’ve been using 1Password for a while now, thanks to nudges from Paul (@ppedrazzi) and Rich (@rmanalan), but one danger is that using strong, random, automatically generated passwords means I’ve no idea what my Facebook or Google password is.
Therefore, I’m at the mercy of 1P’s clients and its database.
The idea of using lat-long coordinates as the password, as entered via a map, is highly intriguing. I’d feel much more secure with that system.
Thoughts?
Are you trying to call me out of my cave? His justification that a hacker can’t snoop your location on the map is BS. Google renders the images for the squares on the map with static file names. If the hacker has control of your browser and the position of your mouse click within it, he most definitely can capture all the inbound images and all of your mouse clicks and paths to slip the map round the screen to figure out the location you’re clicking on. It’s a good idea and stronger than most people’s passwords, but just as hackable as capturing keystrokes and mouse clicks. I prefer one-time-use passwords that send me a text on my phone and PKI certificates, but that’s just me.
Wow, a Topper sighting. I thought it was a clever option, and I still do, even after you debunked the non-hackability. If you’ve lost your browser to a keylogger, you’ve got worse problems frankly.
I also prefer PKI and two-part auth, like Google is rolling out soon, but this is a solid option.
As I read it, I thought “shoulder surfing,” as apparently the first poster there did too.
And I had just read http://catless.ncl.ac.uk/Risks/26.17.html#subj13
Yeah, that would be pretty easy I suppose, assuming you could glean the exact location. Interesting article. Schneier’s quote about amateurs vs. pros is interesting. I think the amateurs do just fine attacking machines, i.e. vulnerabilities. I guess pros do right to attack the person, but it’s a weird comparison, especially without context for the comparison.
Maybe I missed the context.