PassMap

PassMap was proposed by National Tsing Hua University researchers Hung-Min Sun, Yao-Hsin Chen, Chiung-Cheng Fang, and Shih-Ying Chang at the 7th Association for Computing Machinery Symposium on Information, Computer and Communications Security. They defined PassMap as letting a consumer get authenticated by choosing a series of points on a big world map. Their study showed that for people, PassMap passwords are more user-friendly and memorable.{{cite book |last1=Sun |first1=Hung-Min |last2=Chen |first2=Yao-Hsin |last3=Fang |first3=Chiung-Cheng |last4=Chang |first4=Shih-Ying |date=2012 |title=PassMap: a map based graphical-password authentication system |publisher=Association for Computing Machinery |pages=99–100 |doi=10.1145/2414456.2414513 |chapter=Pass Map |isbn=9781450316484 |s2cid=15673920 }}

Users are shown Google Maps on their screen, through which they can zoom in to choose any two points they want to become their PassMap password. Since PassMap uses Google Maps, it cannot be used in applications that lack Internet access or Google Maps integration.{{cite journal |last1=Rajarajan |first1=S. |last2=Prabhu |first2=M. |last3=Palanivel |first3=S. |last4=Karthikeyan |first4=M.P. |date=2014-03-20 |title=Gramap: Three Stage Graphical Password Authentication Scheme |url=http://www.jatit.org/volumes/Vol61No2/4Vol61No2.pdf |journal=Journal of Theoretical and Applied Information Technology |volume=61 |issue=2 |pages=262–269 |accessdate=2015-08-16 |archiveurl=https://web.archive.org/web/20160307221225/http://www.jatit.org/volumes/Vol61No2/4Vol61No2.pdf |url-status=live |archivedate=2016-03-07 }} By default, PassMap's screen is set to the eighth zoom level and is centered on Taiwan. PassMap has no constraints on the zoom level, so consumers are allowed to select dots at unsafer, lower levels, like level 8. It does not normalize error tolerance based on a screen's zoom position.{{cite journal |last1=Thorpe |first1=Julie |last2=MacRae |first2=Brent |last3=Salehi-Abari |first3=Amirali |date=2013 |title=Usability and Security Evaluation of GeoPass: a Geographic Location-Password Scheme |url=https://cups.cs.cmu.edu/soups/2013/proceedings/a14_Thorpe.pdf |journal=Symposium on Usable Privacy and Security |accessdate=2015-08-16 |archiveurl=https://web.archive.org/web/20160304082856/https://cups.cs.cmu.edu/soups/2013/proceedings/a14_Thorpe.pdf |url-status=live |archivedate=2016-03-04 }} PassMap's effective login percentage is 92.59%.{{cite book |last1=Al-Ameen |first1=Mahdi Nasrullah |title=Proceedings 2015 Workshop on Usable Security |last2=Wright |first2=Matthew |date=2015-02-07 |chapter=Multiple-Password Interference in the GeoPass User Authentication Scheme |chapter-url=https://www.internetsociety.org/sites/default/files/02_1_4.pdf |publisher=Internet Society |doi=10.14722/usec.2015.23004 |accessdate=2015-08-16 |archiveurl=https://web.archive.org/web/20150604085456/https://www.internetsociety.org/sites/default/files/02_1_4.pdf |archivedate=2015-06-04 |isbn=978-1-891562-40-2 |s2cid=16989950 }}

Ritika Sachdev wrote in the International Journal of Pure and Applied Research in Engineering and Technology that based on psychological studies, people can effortlessly recall the milestones they have visited. Sachdev called PassMap a "highly subjective or customized based password to ensure security".{{cite journal |last=Sachdev |first=Ritika |date=2014 |title=User Authentication: A Case History |url=http://ijpret.com/publishedarticle/2014/8/IJPRET%20-%20IT%203.pdf |journal=International Journal of Pure and Applied Research in Engineering and Technology |volume=3 |issue=1 |pages=77–84 |issn=2319-507X |accessdate=2015-08-16 |archiveurl=https://web.archive.org/web/20150816180529/http://ijpret.com/publishedarticle/2014/8/IJPRET%20-%20IT%203.pdf |url-status=live |archivedate=2015-08-16 }}

S. Rajarajan, M. Prabhu, and S. Palanivel praised PassMap for having "good memorability due to the usage of map for the password mechanism". But they noted that, like many graphical passwords, PassMap is susceptible to a shoulder surfing intrusion.

{{reflist}}

Category:Password authentication