Exploring the Potential of GeoPass: A Geographic Location-Password Scheme

Authors

Mahdi Nasrullah Al-Ameen, Utah State UniversityFollow
Matthew Wright, University of Texas at Arlington

Document Type

Article

Journal/Book Title/Conference

Interacting with Computers

Volume

29

Issue

4

Publisher

OUP

Publication Date

11-14-2016

First Page

605

Last Page

627

Abstract

Password schemes based on online map locations are an emerging topic in authentication research. GeoPass is a promising such scheme, as it provides satisfactory resilience against online guessing and showed high memorability (97%) in a single-password laboratory study. In this article, we investigate more deeply into the potential of GeoPass through four separate studies. First, in a 2-month-long field study, we found that users in a real-world setting remembered their location passwords 96.1% of the time and showed improvement with more login sessions. Then, in a study of interference effects in Geopass, in which each participant had to remember four separate location passwords, we found that memorability was 97%, with only 3.4% of login attempts failing due to interference. We also conducted a shoulder-surfing study to examine the resilience of GeoPass against this attack. Based on our results, we identify the promising aspects of location passwords that should be further studied in future research.

Recommended Citation

Mahdi Nasrullah Al-Ameen and Matthew Wright. Exploring the Potential of GeoPass: A Geographic Location-Password Scheme. In Interacting with Computers. November, 2016.