Exploring the Potential of GeoPass: A Geographic Location-Password Scheme
Interacting with Computers
Password schemes based on online map locations are an emerging topic in authentication research. GeoPass is a promising such scheme, as it provides satisfactory resilience against online guessing and showed high memorability (97%) in a single-password laboratory study. In this article, we investigate more deeply into the potential of GeoPass through four separate studies. First, in a 2-month-long field study, we found that users in a real-world setting remembered their location passwords 96.1% of the time and showed improvement with more login sessions. Then, in a study of interference effects in Geopass, in which each participant had to remember four separate location passwords, we found that memorability was <70%, with 41.5% of login failures due to interference. Based on these findings, we propose to address interference issues in GeoPass with mental stories, where users are asked to create a meaningful association between their location password and the corresponding account. We tested the efficacy of this approach through a second interference study, where the memorability rate for GeoPass was >97%, with only 3.4% of login attempts failing due to interference. We also conducted a shoulder-surfing study to examine the resilience of GeoPass against this attack. Based on our results, we identify the promising aspects of location passwords that should be further studied in future research.
Mahdi Nasrullah Al-Ameen and Matthew Wright. Exploring the Potential of GeoPass: A Geographic Location-Password Scheme. In Interacting with Computers. November, 2016.