Usability and security evaluation of GeoPass: a geographic location-password scheme

  • Thorpe J
  • MacRae B
  • Salehi-Abari A
  • 46


    Mendeley users who have this article in their library.
  • 14


    Citations of this article.


We design, implement, and evaluate GeoPass: an interface for digital map-based authentication where a user chooses a place as his or her password (i.e., a "location-password"). We conducted a multi-session in-lab/at-home user study to evaluate the usability, memorability, and security of location-passwords created with GeoPass. The results of our user study found that 97% of users were able to remember their location-password over the span of 8-9 days and most without any failed login attempts. Users generally welcomed GeoPass; all of the users who completed the study reported that they would at least consider using GeoPass for some of their accounts. We also perform an in-depth usability and security analysis of location-passwords. Our security analysis includes the effect of information that could be gleaned from social engineering. The results of our security analysis show that location-passwords created with GeoPass can have reasonable security against online attacks, even when accounting for social engineering attacks. Based on our results, we suggest GeoPass would be most appropriate in contexts where logins occur infrequently, e.g., as an alternative to secondary authentication methods used for password resets, or for infrequently used online accounts.

Author-supplied keywords

  • digital maps
  • location-passwords
  • map search
  • passwords
  • security
  • usability
  • user authentication

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Julie Thorpe

  • Brent MacRae

  • Amirali Salehi-Abari

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free