New Memory Method Lets Users Remember Long Passwords -- Subconsciously

  /     /     /  
Publicated : 22/11/2024   Category : security


New Memory Method Lets Users Remember Long Passwords -- Subconsciously


Implicit learning lets users store a 30-character password in their memories -- without remembering it



Remembering passwords is the biggest bane of security for most users. But what if you could learn a long password and remember it subconsciously, like you remember how to ride a bike?
According to a
report about subconscious passwords in the publication Extreme Tech
, a group of neuroscientists and cryptographers have developed a password system that does just that.
The system, devised by Hristo Bojinov of Stanford University and friends from Northwestern and SRI, relies on implicit learning, a process by which you absorb new information — but you’re completely unaware that you’ve actually learnt anything, the report states. In short, the system teaches the password to a part of your brain that you cannot physically access — but it is still there in your subconscious, just waiting to be tapped.
The process of learning the password involves the use of a specially crafted computer game that, funnily enough, resembles Guitar Hero, the report states. There are six buttons — S, D, F, J, K, L — and the user has to hit the corresponding key (note) when the circle reaches the bottom (fret). During a typical training session of around 45 minutes, a user will make about 4,000 keystrokes — and here’s the genius bit: Around 80 percent of those keystrokes are being used to subconsciously teach you a 30-character password.
Once the user has completed the training, future authentication is done by playing the game again -- the user is authenticated if he or she performs reliably better on his or her sequence than on other random sequences presented during the game, the report says.
The most important aspect of this work is that it [seemingly] establishes a new cryptographic primitive that completely removes the danger of rubber-hose cryptanalysis — i.e. obtaining passkeys via torture or coercion, the report states. It also gives you deniability: If a judge or policeman orders you to hand over your password, you can plausibly say that you don’t actually know it.
Bojinov will present his findings at the Usenix Security Symposium in August.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Memory Method Lets Users Remember Long Passwords -- Subconsciously