Smartpass: a New Authentication Scheme Using Geolocation

Abstract

Authentication is critical in today's digital world. Everything from e-mail access to e-commerce to online banking requires users to authenticate themselves. The most common form of authentication used is text or character passwords. A good password is hard for someone else to guess and easy for the user to remember. Creating good passwords is a challenge.We propose a new technique based on using a geographic location as the secret instead of characters. The proposed tool is web-based and can be used on either mobile devices or legacy machines. The new authentication scheme is very easy to use, easy to remember the secret, can easily replace the current password authentication scheme, can be deployed incrementally, and hard for someone else to guess the secret.We performed a user-based experiment, using mobile devices, to validate the usability, memorability, feasibility, and accuracy of the proposed new authentication scheme. All of our users reported they preferred this new authentication method and feel that the new method is better than the current password-based one. On average, users took 32 seconds to authenticate successfully. Although, this is slightly higher than the current password-based scheme, the majority of the users were able to login even after four weeks, leading us to conclude that the secret selected is easy to remember.