The Best Password Is One You Can’t Consciously Remember
The best password might be one you can call up when you need it, but can’t consciously remember. Jeff Giles of New Scientist explains:
“Even the most sophisticated electronic security can be defeated by forcing someone to reveal a password. But what if sensitive information could be stored in your brain in such a way that you couldn’t consciously disclose it, no matter how hard you tried?
That is the promise of a new technique that combines cryptography with neuroscience. In initial tests, volunteers learned a password and later used that password to pass a test, but could not identify it when asked to do so.
The system is based on implicit learning, a process by which people can unconsciously learn a pattern. Hristo Bojinov, at Stanford University in California, and colleagues designed a game in which players intercept falling objects by pressing a key. The objects appear in one of six positions, each corresponding to a different key.
Unbeknownst to the players, the positions of the objects were not always random. Hidden within the game was a sequence of 30 successive positions that was repeated over 100 times during the 30 to 45 minutes of game play. Players made fewer errors when they encountered this sequence on successive rounds, and this learning persisted when the players were tested two weeks later.
The results suggest that the game could form the basis of a security system. Users would learn a sequence unique to them in an initial session and later prove that they know it by playing the same game. Crucially, previous studies have shown that people cannot recite sequences that are learned in this way.
This phenomenon occurs in everyday life: consider, for example, how people are able to include new words accurately into a sentence without consciously being aware of the rules behind the grammar that they are using.” Read more here.
Another example immediately occurred to me—not being able to recall a phone number except by actually dialing it. Or, try this: Close your eyes and recite the letters that make up the middle row of keys on your computer. Can’t do it? And yet you probably type without looking, meaning that information is stored in your brain, through implicit learning.
And here I thought Inception was just a movie!
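To make the login check described in the quoted article concrete, here is an added sketch (not code from the article or from the Stanford researchers) of how a verifier could compare a player's error rate on the trained 30-position sequence with the error rate on random filler. The session layout, the `min_gap` threshold and the constructed player data are assumptions for illustration.

```python
import random

POSITIONS = 6   # six object positions/keys, per the article
SEQ_LEN = 30    # length of the hidden sequence, per the article

def new_secret(rng):
    """Enrolment: draw a per-user sequence of key positions."""
    return [rng.randrange(POSITIONS) for _ in range(SEQ_LEN)]

def build_session(secret, rng, blocks=6):
    """Interleave the trained sequence with random filler of equal length.
    Returns (position, is_trained) trials; `blocks` is an assumed session size."""
    trials = []
    for _ in range(blocks):
        trials += [(p, True) for p in secret]
        trials += [(rng.randrange(POSITIONS), False) for _ in range(SEQ_LEN)]
    return trials

def error_rates(trials, hits):
    """Error rate on trained vs. filler trials; hits[i] is True if trial i was caught."""
    def rate(flag):
        idx = [i for i, (_, trained) in enumerate(trials) if trained == flag]
        return sum(not hits[i] for i in idx) / len(idx)
    return rate(True), rate(False)

def authenticate(trials, hits, min_gap=0.05):
    """Accept only if the trained sequence is played measurably better.
    min_gap is an assumed threshold, not a figure from the study."""
    trained_err, filler_err = error_rates(trials, hits)
    return filler_err - trained_err >= min_gap

def constructed_hits(trials, miss_every_trained, miss_every_filler):
    """Constructed player data: miss every n-th trial of each kind."""
    seen = {True: 0, False: 0}
    hits = []
    for _, trained in trials:
        seen[trained] += 1
        n = miss_every_trained if trained else miss_every_filler
        hits.append(seen[trained] % n != 0)
    return hits

if __name__ == "__main__":
    rng = random.Random(2012)
    session = build_session(new_secret(rng), rng)
    enrolled = constructed_hits(session, 10, 4)  # better on the trained sequence
    stranger = constructed_hits(session, 4, 4)   # no advantage anywhere
    print(error_rates(session, enrolled), authenticate(session, enrolled))
    print(error_rates(session, stranger), authenticate(session, stranger))
```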
This is a fascinating concept. However, Jeff Giles seems to indicate that by not being able to consciously recite one’s password, it makes it more secure. This six-panel comic lays to rest the idea that passwords have to be complex, hard to remember, or, in this case, subconsciously embedded to be secure and shows a much simpler method for creating secure passwords. http://bit.ly/HAIpnL