If there’s one lesson to be learnt from Wired’s Mat Honan’s recent hacking incident, it’s that passwords aren’t safe.
A group of academics from Stanford and Northwestern universities, together with SRI International, has been experimenting with authentication that relies on the brain’s natural capacity to learn and identify patterns.
In August, the researchers presented their findings at the 2012 USENIX Security Symposium in Bellevue, Washington. Their major objective was to look into methods of storing secret information in the brain’s corticostriatal memory system, which is part of the neural architecture through which we learn how to perform tasks.
The researchers used a computer game to test their hypothesis, which required participants to touch keys on a keyboard as big black dots dropped over a horizontal line. It reminds me of Guitar Hero.
The dots fell at different speeds in various locations, forming patterns that were repeated until the participants became adept at hitting the right buttons at the right time.
The initial training session lasted between 30 minutes and an hour.
The participants’ corticostriatal memory improved their ability to repeat the patterns, similar to dialing a phone number or entering a phrase on a keyboard without glancing at the keys.
The learned serial interception sequence can later be used to validate a person’s identity. Because the participants were not consciously aware of the sequence, they could not be forced to divulge it.
As a result, individuals cannot be persuaded or duped into revealing their password. So far, 370 players have been tested, and more are being added all the time. Although web-based email services could not rely on anything like this for extra protection, high-security facilities operated by the government could certainly do so.
Because the authentication sequence has to be stored somewhere, hackers who get into a database may still be able to access user information; the technique was instead meant to solve the problem of coercion.
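
The check described above, as an added Python example (not the researchers' code and not part of the original article). It assumes the verifier scores a login by comparing hit rates on the trained sequence against random foil sequences; the key set, sequence length, hit probabilities and threshold are constructed values.

```python
import random

KEYS = "SDFJKL"  # assumed six-key layout; the article does not name the keys
SEQ_LEN = 30     # assumed length of the trained sequence

def new_secret(rng):
    """Enrolment: the verifier picks the sequence the user is trained on."""
    return [rng.choice(KEYS) for _ in range(SEQ_LEN)]

def build_challenge(secret, rng, rounds=40):
    """Shuffle trained blocks together with random foil blocks.
    The verifier needs the sequence itself to do this, so it cannot
    keep only a one-way hash the way it would for a password."""
    blocks = [(True, list(secret)) for _ in range(rounds)]
    blocks += [(False, new_secret(rng)) for _ in range(rounds)]
    rng.shuffle(blocks)
    return blocks

def play(challenge, learned, rng, p_learned=0.85, p_base=0.65):
    """Constructed stand-in for a human player: hits more often on dots
    from the sequence they practised. Returns (verifier_label, hit) per dot."""
    return [(is_trained, rng.random() < (p_learned if block == learned else p_base))
            for is_trained, block in challenge for _ in block]

def advantage(results):
    """Hit rate on trained dots minus hit rate on foil dots."""
    trained = [hit for is_trained, hit in results if is_trained]
    foil = [hit for is_trained, hit in results if not is_trained]
    return sum(trained) / len(trained) - sum(foil) / len(foil)

def authenticate(results, threshold=0.10):
    """Accept only if the player is clearly better on the trained sequence."""
    return advantage(results) >= threshold

def demo(seed=1):
    rng = random.Random(seed)
    secret, other = new_secret(rng), new_secret(rng)
    challenge = build_challenge(secret, rng)
    enrolled = play(challenge, secret, rng)  # practised this verifier's sequence
    stranger = play(challenge, other, rng)   # practised a different sequence
    return authenticate(enrolled), authenticate(stranger)

if __name__ == "__main__":
    print(demo())  # (accepted for enrolled user, accepted for stranger)
```

The `secret` list in `build_challenge` is exactly the stored value an intruder would find in the database, which is the storage weakness noted above.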