• Home
  • FAQ
  • Manual
  • About
  • Frequently Asked Questions
  • Img        Img
  • What is a Geographical Password?

    A Geographical password is a password that has been constructed based on geographical information.

    For full details, please refer to the paper titled "Geographical Passwords" published in the International Journal of Security and Networks (IJSN), available free for anyone at: https://www.inderscience.com/admin/ospeers/getSource.php?id=64160&fid=1148952&fromonsusy=yes [PDF]

    What are the main features of Geographical Passwords?
    Geographical passwords are based on geographical locations which have at least three great features that makes it an excellent access credential:

    • easy (and enjoyable) to remember and hard to forget; especially if there were feelings and memories associated with the selected places.
    • diverse; there are many geographical locations where the user can select from.
    • hard to predict; as users choose places based on their preference and experiences.
    What is Passwhere and how does it work?
    Passwhere is the world's first geographical password solution. It utilize the human ability to remember places as a way to provide safe access, where users can select geographical locations (such as favorite mountains, trees, rivers, or others places) as their very strong access credential to different systems.

    How Geographical Passwords are generated instantly in Passwhere:
    1. Something You Know Stage:
      • When the user long tap on a geographical location, the geographical characteristics of the selected place (or places) will be extracted.
      • These geographical characteristics are then concatenated with account password settings of the selected account.
    2. Something You Have Stage:
      • A keyed-hash message authentication code (HMAC) operation will be preformed where the key
        is the user's 256 bit randomly generated personal key (generated during installation)
        and the message is the result of the value obtained from the something you know stage
        (i.e. geographical characteristics+account password settings).
        The result of the HMAC operation is the geographical password.
    Is Passwhere client side?

    Yes all Passwhere processing happens at the client's side. Google Maps typical browsing requests (zoom in, zoom out..etc), goes directly from the device to google maps https secure server. Note that such browsing requests does not help the maps provider in revealing a geographical password, as each map is unique to its user.

    Is Passwhere a Graphical Password Mechanism?

    No. If graphics were used in geographical passwords systems then they were included for ease of use (or user preferences) and not a vital component of geographical passwords.

    A geographical password can be totally constructed without using any graphics at all; this is not the case with graphical passwords.

    Read "Geographical Passwords" paper for more.

    Why should I use Passwhere?
    The recent security breaches have proven that users are not very well protected using conventional passwords, that is because people just don't like to memorize a long list of characters, which leads to many vulnerabilities that Passwhere mitigates.

    Vulnerability Conventional Passwords Geographical Passwords (Passwhere) Comments
    Using passwords that are vulnerable to dictionary attacks Yes No Passwhere genereate random geographical passwords that are not based on words (or sequence of alphabets) that exist in a dictionary.
    Using passwords that are short enough to be vulnerable to brute-force attacks. Yes No Users pick short passwords because they are easier to remember, such limitation does not exist with geographical passwords, since they are based on memorable places.
    Using the same password for different accounts Yes No The reasons to use the same password for different accounts does not exist in Passwhere, as users can remember only one place but generate many geographical passwords for different accounts.
    Constructing a password using obvious information, such as birthdays or addresses, making the password easy to guess Yes No The extracted geographical characteristics of the locations selected are keyed-hashed.
    Avoid changing the password according to a recommended time interval. Yes No Changing a geographical password is easy, users can just pick another place, which will generate a completely new geographical password. Or keep the same geographical location, but change the password settings of the selected account.
    In the event of changing a password, the new password selected by the user is usually not very different from the previous one. Yes No A location or password settings change will result in a completely different geographical password.
    What about shoulder surfing?

    Shoulder surfing is a common problem with many authentication schemes. However, Passwhere is designed in a way that prevent shoulder surfing.

    If two users selected the same geographical location, the geographical password generated will be totally different for each user. That is because each user has her own map, which will make every geographical password unique for each user.

    So even if someone knew your geographical location(s), it will be useless for him because he does not know your personal key.

    How would this new technology change how people approach passwords?

    People won't be thinking numbers, letters, or symbols, they will instead think rivers, mountains, trees and other geographical locations.

    And it is suitable for all ages!

    How to get started?

    Download Passwhere and read the manual.

  • © 2020 Passwhere Technologies. All Rights Reserved.
    Ras Al Khaimah, UAE.