Research at UOIT is delving into a new type of password, one that does not require users to memorize a string of numbers, letters, and symbols.
This new password is called a graphical password, and only requires users to memorize a location on a map.
Graphical passwords come in a variety of forms. The connect-the-dots pattern used to unlock an Android phone is one example.
They are a relatively new idea in the computer security field, having first been suggested in 1996. Although they are not widely adopted yet, those in the computer security field see definite potential in their use and adoption.
The type of graphical password that UOIT is working on involves the use of global positioning systems. UOIT is using Google Maps. To register a password, the user selects a set of coordinates on the map, such as a building or an intersection. The next time the user logs in to the system, they select the same location on the map.
The location serves as the user’s password. With a plethora of possible coordinates, the number of passwords available to users is large.
“There are other systems out there that we’ve looked at that I think are a little more interesting than a regular graphical password which uses places, with a map where people are choosing locations on a digital map,” said Dr. Julie Thorpe of the Faculty of Business and Information Technology at UOIT, who was heavily involved in the research. “That type seems to have reasonable security, better than other types of graphical passwords, also good usability. The downside is that it takes a little longer to log in.”
Graphical passwords provide protection from the brute-force and dictionary attacks that plague traditional alphanumeric passwords, and they are easier to remember, says Thorpe.
The research done at UOIT showed 97 per cent of participants remembered their location-based password after one week.
“There is some evidence to suggest that they are (more memorable), but typically it’s more that people like to use them more,” said Thorpe. “And that the recognition based ones where people choose a subset of images from a set of images that those ones are more memorable.”
Although graphical passwords are safer and more user-friendly, they do have a few drawbacks. Graphical passwords take a long time to register and enter when compared to traditional alphanumeric passwords, and they require more storage space. These are bugs that are still being worked out.
Although graphical password systems are relatively new, there is serious interest in their development and implementation from the public and from computer security experts alike, and even from Durham College students.
“I wouldn’t use it for banking information but I would be inclined to use it for Twitter or Facebook, just nothing that has sensitive data or information involved,” said Tristan of the Computer Programmer program at Durham College.
“I would use it for my email, it really seems handy. Having so many different locations to choose from would be a good bonus in terms of security of your information. The whole geographical aspect seems to be easier to remember,” said Andrew of the Paralegal program at Durham College.
As more research and more participant studies are done, graphical passwords may be used for more than signing on to your Android phone. With multiple applications, the research at UOIT is a showcase of what’s to come.