Subconscious Passwords You know them, you just can't recall them. john_a_ward via Flickr
Usually it’s a problem when you can’t remember a password. But in this particular case, it’s by design. A new security technique mashes up cryptography with neuroscience to create passwords that are stored in
users' brains but cannot be recalled, recited, or otherwise extracted by another party.
The system is based on an idea known as implicit learning, in which the brain subconsciously learns a pattern without consciously recognizing it. In tests, Stanford University researchers put test subjects in front of a computer game in which they had to catch falling objects on the screen by pressing a key, with each key corresponding to one of six positions on the screenThe positions of the falling objects appeared to be random, but they weren’t. Buried in the game was a sequence of 30 successive positions that repeated more than 100 times over the course of 45 minutes of play. Their brains unconsciously learned this pattern, and by the end of their time at the console they were making fewer errors when they encountered this sequence--even though they had no idea the sequence was there.Usually it’s a problem when you can’t remember a password. But in this particular case, it’s by design. A new security technique mashes up cryptography with neuroscience to create passwords that are stored in
users' brains but cannot be recalled, recited, or otherwise extracted by another party.
Two weeks later, they still made fewer errors when the sequence was introduced into the game. Their brains remembered the sequence even though none of them could identify the sequence if asked. The idea could form a security scheme in which an authorized person is embedded with a sequence in an initial session and then asked to play the game to authenticate him- or herself later. Previous studies have shown that sequences learned implicitly simply can’t be recalled or understood by the brain, so there’s no way the person could willingly or unwillingly give up their authenticating password, yet it could be used to authenticate them time and time again.
No comments:
Post a Comment