The spatial password

A secret spot – a potential password? Hardly anyone knows about this 5 meter high rock face in the forests outside Trondheim.

Remembering passwords takes focus and time. I want to authenticate myself without having to write in a meanlingless stream of characters. I am on a weekly basis nagged by different systems to change my paswords.

We already have several biometrically based authentications metods. Fingerprints, iris scans, selfies, hand geometry and what have you. More are probably more to come. The jury is out on several of the metods. I will leave this to the experts.

Being a geographer my favourite authentication metod will rely on spatially referenced secrets buried deep inside my mind. I want to propose a novel metod for authentication. I want to use a map to navigate to a place which has a special meaning for me. It would basically work like this:

  1. I am stating my username (written)
  2. The system then asks me to authenticate my user status by asking me for one or several geographical position.

The position could be the answer to questions like these:

  • Where did you find your wallet when you lost it in 2012?
  • Where was your father born?
  • What is your favourite place to pick blueberries?
  • Where is the secret rockface outside Trondheim?
  • Where did you spend the night the 17th of november 1995?
  • and so on…

My answer would be made not by entering a string of characters. I would answer the question by panning and zooming a map to the  particular place. My answer would be to place a pin somewhere.

The method could be strengthening by asking for a combination of several places, or by varying the required precision in my answer. The answer (coordinates backoffice) would then be used to establish a string which again is the authentication variable (password).

Here are some combinations of the screen based password:

  • One position
  • Several positions
  • User traces a path

Real position combinations

  • Actual position represents the password
  • transport between several position srepresents the password
  • A track based on movements represents the password

The method will of course have it’s weaknesses. But it could work. And if someone already made this – then please send me a link!

An other variation of this method could be physical location or relocation in a given pattern. This would of course require a positional system which can not be spoofed, but where the position and its reporting is possible to confirm.

Leave a Reply

Your email address will not be published.