Wednesday, September 29, 2010

Map Passwords and the Problem of Scale

Recent articles at Discovery News and TechNewsDaily describe AT&T researcher Bill Cheswick’s idea of using map coordinates as a password, rather than your first pet’s name or a book you read in junior high. A clear benefit of this is that it may be easier (maybe more secure?) to remember a map location and click on it than it is to remember a pesky alphanumeric code. Bill points out that “You could have a 10 digit latitude, and a 10 digit longitude, then you have a 20 digit password.”

Well, shoot, that sounds alright, until you realize how small a target that really is. You’d have to zoom in a long way to command that precise a coordinate in any web map. And don’t think that you’d get to click on “a hotel from a past vacation, a plaza, a friend's house, your elementary school, a former work place, etc.” on the map; you’d be clicking on the tip of a leaf, or the right blade of grass, or a specific bolt holding down a rooftop air conditioner.

Suppose the very best case: you include the negative or positive hemisphere prefixes, and your position happens to be in the latitude and longitude hundreds ranges, so you’ve used up only 4 characters each for lat and long. That leaves us with 6 more digits of precision past the decimal place that we have to account for. Even in a higher latitude like NYC, where Mercator will generously inflate the size of your password target, moving your mouse even very slightly throws the 6th-precision digit around pretty wildly.

I could fit about 10 passwords, at the suggested precision, within the sign on top of this fuzzy taxi in Bing Maps.  How could I consistently hit the right spot?

How hard is it to hit the same 6-decimal-place coordinate on Google Maps or Bing Maps? It’s almost impossible. For example, in that map snapshot above, an intersection in Manhattan, you can fit about 10 geo-click passwords (at the precision prescribed by Bill) within the sign on the roof of that taxi, and I’ve even zoomed in one step farther than Google or Bing lets you, a magnification of 4x what you can expect from a mashup. Plus, what happens when the imagery is updated and the new position of your landmark is shifted over a foot or so (especially for tangential-distortion-happy rooftops), or obscured in shadow, or has disappeared altogether?

And we think CAPTCHAs can be annoying.  Good luck hitting the right spot! I’m going to stick with the name of my first pet, SpaRkeY. Oh no!


Ok, I can't stop thinking about this. It's worse than I thought. Suppose you don't need an excessive 20-character lat/long password (which, as described above, would be unusable). Maybe you just need a 14-character password, and the geographic area you'd have to click each time is bigger as a result (which would make it easier to click). But you now have a severely reduced number of potential passwords that some brute-force password buster could power through in no time. Now eliminate all the areas on the map that have no discernible feature to visually peg as your password spot, like open fields, ice cover, water; that probably reduces the viable passwords to a tiny fraction of an already alarmingly small set.
In short, the geo password is either too tiny a target to meaningfully find over and over, or it's big enough to be clickable but there are so few options left that all your password are belong to us!
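To put numbers on both ends of that squeeze, here is a short Python sketch (an added example, not from the original post or from Cheswick's work) that works out how many 6-decimal coordinate cells hide under a single screen pixel on a Web Mercator map, and how many bits of keyspace survive when the precision is cut. The Manhattan latitude of 40.75°, the zoom level 19, and the 29% land fraction used as the "usable" share of the globe are my assumptions.

```python
import math

EARTH_RADIUS_M = 6378137.0   # WGS84 equatorial radius, the sphere Web Mercator uses
TILE_PX = 256                # tile width used by the Google/Bing tile pyramids


def degrees_per_pixel(zoom: int, lat_deg: float) -> tuple[float, float]:
    """Angular footprint (lon, lat) in degrees of one screen pixel on a Web Mercator map.

    Longitude per pixel is constant at a zoom level; latitude per pixel shrinks by
    cos(lat) because Mercator stretches the map vertically away from the equator
    (the "generous inflation" of a target in NYC).
    """
    world_px = TILE_PX * 2 ** zoom
    lon_per_px = 360.0 / world_px
    lat_per_px = lon_per_px * math.cos(math.radians(lat_deg))
    return lon_per_px, lat_per_px


def cell_size_m(decimals: int, lat_deg: float) -> tuple[float, float]:
    """Ground size (east-west, north-south) in metres of one coordinate cell
    when coordinates are rounded to the given number of decimal places."""
    step = 10.0 ** -decimals
    m_per_deg = math.pi * EARTH_RADIUS_M / 180.0   # metres per degree along a meridian
    return step * m_per_deg * math.cos(math.radians(lat_deg)), step * m_per_deg


def cells_per_pixel(decimals: int, zoom: int, lat_deg: float) -> float:
    """How many distinct 'passwords' (coordinate cells) one pixel covers.
    Anything above 1.0 means the target is smaller than what a mouse can hit."""
    lon_px, lat_px = degrees_per_pixel(zoom, lat_deg)
    step = 10.0 ** -decimals
    return (lon_px / step) * (lat_px / step)


def keyspace_bits(decimals: int, usable_fraction: float = 1.0) -> float:
    """log2 of the number of distinct lat/lon cells at the given precision,
    scaled by the fraction of the globe a user could realistically pick from."""
    cells = (180 * 10 ** decimals) * (360 * 10 ** decimals) * usable_fraction
    return math.log2(cells)


if __name__ == "__main__":
    LAT_NYC, ZOOM, LAND = 40.75, 19, 0.29        # assumed values, see lead-in
    print("6-decimal cell in NYC (m):", cell_size_m(6, LAT_NYC))
    print("cells under one pixel at zoom 19:", round(cells_per_pixel(6, ZOOM, LAT_NYC), 1))
    for d in (6, 3):
        print(f"{d} decimals: {keyspace_bits(d):.1f} bits, "
              f"land only: {keyspace_bits(d, LAND):.1f} bits")
```

Even at zoom 19 a single pixel in Manhattan spans several 6-decimal cells, so the "20-digit" scheme is sub-pixel; drop to 3 decimals and the whole globe is worth roughly 36 bits before you even discard the oceans.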

Cue the sad trombone riff!


  1. My preferred password is my boy's full name:
    Robert') DROP TABLE Students; --

  2. Do you use the same password for your online banking? I'm having a little trouble logging in!