by Adeniyi Abdul
Ever had problems remembering a password? Well here’s some good news. A new technique has been devised to create passwords which are stored in the brains of users. The particularly unique aspect of this technology is that the passwords cannot be recited or recalled by users, thus keeping them safe from being discovered bu other parties. In other words, you know the password, you just can’t recall it. Of course this may all come off as a bit strange and confusing, but the technique makes use of cryptography and neuroscience and works based on an idea known as implicit learning, in which the brain subconsciously learns a pattern without consciously recognising it.
Hristo Bojinov and his colleagues at Stanford University California created a test in which played a computer game where they had to catch falling objects on the screen by pressing a key, with each key corresponding to one of six positions on the screen.
However, the positions of the objects were not always random. Hidden within the game was a sequence of 30 successive positions that repeated more than 100 times over during the 30 to 45 minutes of game play. Their brains unconsciously learned the patterns and the players were making fewer errors by the end of their time at the console, even though they had no idea the sequence was there. Two weeks later their brains still remembered the sequences and the players made even fewer errors, despite the fact none of them could consciously identify the sequence when asked.
Researchers believe that the results suggest that the game could form the basis of a security system. “Authentication doesn’t require explicit effort on the part of the user.” says Ari Juels, director of RSA Laboratories in Cambridge, Massachusetts. “If the time required for training and authentication can be reduced, then some of the benefits of biometrics, namely effortlessness and minimal risk of loss, can be coupled with a feature that biometrics lack: the ability to replace a biometric that has been compromised.”
Hristo Bojinov is scheduled to present his work on the 8th of August at the USENIX Security Symposium in Bellevue, Washington.