Researchers work to develop passwords so secret that only your unconscious mind knows them By Rachel Metz on June 6, 2013

Some efforts to replace traditional letter-and-number passwords rely on gestures, wearable devices, or biometrics. An approach in the works from research-and-development company SRI International and Stanford and Northwestern takes a different tack: passwords that you know but don’t know you know.

Patrick Lincoln, director of SRI’s computer science laboratory and a researcher on the project, calls this “rubber-hose resistant authentication” in reference to rubber-hose cryptanalysis, in which a user is coerced or physically forced to give up, say, the passcode to a secure building. Lincolnsays the approach relies on implicit learning—the sort of learning that occurs through sheer repetition, such as learning to ride a bike, that the learner can’t verbally explain—to prevent passwords from being compromised.

So far, the project has used a game interface, resembling a rudimentary version of Guitar Hero, that trains the user to enter a unique pattern. Users press a key, corresponding to a column, each time a falling ball hits the bottom of one of the columns, but because the sequence of falling balls changes each time, users can’t consciously determine what is their unique sequence, and what is simply added noise. Later, the user is authenticated by playing the game, which contains parts of the learned pattern, and the user’s superior skill at this task proves his or her identity.

It’s one of many attempts to move away from standard passwords, which can be hard to remember and insecure. And if the researchers behind the project can get it to work sufficiently well, it may eventually help workers enter high-security areas like airplane cockpits, as well as more mundane realms such as your home or bank account.

Users also might be able to learn more than one unconscious password without interference, Lincoln says—so you could have one unconscious password for your office and another for your bank account. And if one of the passwords was somehow compromised, you could be retrained on that one without wiping out the other.

The researchers’ initial findings were published in a paper last year, including a study indicating that trained users could properly enter their patterns over time but couldn’t consciously remember them. The project has received a National Science Foundation award that Lincoln says is allowing the research to move forward. So far, Lincoln says, training is time-consuming (it takes about 40 minutes per password), and the system’s accuracy needs work, since this password system is not yet even as secure as traditional passwords. Lincoln’s group is launching some new experiments that he hopes will lead to more-effective and easier-to-learn unconscious passwords.

Despite the challenges and current impracticality of such a system, David Wagner, a UC Berkeley computer science professor who studies computer security, notes that there are examples of security technologies becoming widely used despite initially seeming impractical, such as public-key cryptography, which got its start in the 1970s with the invention of the RSA encryption algorithm. “Anyone can guess whether this will ever see the light of day,” he says, “but it’s pretty inspiring to see, at least in theory, that it might be possible to have a password you don’t know but you can use.”

Views: 112

Have questions?

Need help? Visit our Support Group for help from our friendly Admins and members!

Have you?

Become a Member
Invited Your Friends
Made new Friends
Read/ Written a Blog
Joined/ Created a Group
Read/ Posted a Discussion
Checked out the Chat
Looked at/Posted Videos
Made a donation this month
Followed us on Twitter
Followed us on Facebook

Donations

Please consider a donation to help with our continued growth and site costs

Connect

Visit The Temple
on Facebook:

....

Blog Posts

The Rigelean

Posted by Quingu on February 17, 2020 at 5:18pm 0 Comments

The Great Bear (Ursa Major)

Posted by Quingu on February 15, 2020 at 9:00am 0 Comments

Heyoka Woes

Posted by Quingu on February 14, 2020 at 1:00pm 0 Comments

(BEL) HORUS (VII)

Posted by Quingu on February 14, 2020 at 10:17am 0 Comments

The Horus Agenda

Posted by Quingu on February 13, 2020 at 1:30pm 0 Comments

The Morning Star

Posted by Quingu on February 11, 2020 at 5:00pm 0 Comments

The (El)der Gods

Posted by Quingu on February 11, 2020 at 4:30pm 2 Comments

Draconian Law

Posted by Quingu on February 11, 2020 at 2:30pm 0 Comments

The Lord of Air (Enlil)

Posted by Quingu on February 11, 2020 at 12:00pm 0 Comments

The Chief Seraph

Posted by Quingu on February 10, 2020 at 2:30pm 0 Comments

Sa'amsung

Posted by Quingu on February 9, 2020 at 3:30pm 0 Comments

Path of Souls

Posted by Quingu on February 9, 2020 at 10:00am 0 Comments

Seraphim Woes

Posted by Quingu on February 9, 2020 at 9:52am 0 Comments

The Orion Hybrid

Posted by Quingu on February 6, 2020 at 10:30am 0 Comments

Antares Etiquette

Posted by Quingu on February 5, 2020 at 4:30pm 0 Comments

The Red Dragon

Posted by Quingu on February 5, 2020 at 1:00pm 0 Comments

A Warlock's Temperament

Posted by Quingu on February 4, 2020 at 7:00pm 0 Comments

FEBRUARY AWARENESS


 


 

 

© 2020   Created by Bryan   Powered by

Badges  |  Report an Issue  |  Terms of Service