Slashdot Mirror


Using a Password One Doesn't Consciously Remember

ZiggyM writes "Researchers from Hebrew University in Israel have devised a way to assign a password to a user in a way that prevents the user from consciously remembering or describing it, yet the user can input it correctly over 90% of the time in a 3-month period after [s]he learns to input it. It involves using visual recognition of previously-seen images, which you can recognize but can't consciously recall in detail. Recognizing the right ones from a series is interpreted as knowing the password, and the chance of guessing it is 1/100,000. Not ready for practical use yet, but a very interesting concept that can develop further."

21 of 270 comments

  1. My tinfoil hat by Zegnar · · Score: 4, Funny

    My tinfoil hat protects me from the mind readers anyway!

    1. Re:My tinfoil hat by Baron+Eekman · · Score: 4, Funny

      How's this going to help?

      I'm not remembering my passwords all the time already

    2. Re:My tinfoil hat by pavon · · Score: 1, Funny

      Don't you know? That's an added feature of the tinfoil hat! It keeps your brainwaves in your head, where they belong instead of out in the world where they can be probed. This has the amazing effect of increasing memory, mental acuity and the ability to connect seemingly unrelated things.

  2. Well by Anonymous Coward · · Score: 3, Funny

    At least it's a new use for my porn archive.

    Do we get to use touch screens?

  3. This is too complicated - try this by SimianOverlord · · Score: 5, Funny

    It struck me yesterday that the answer to making secure and difficult to guess passwords that are immune to dictionary attacks is staring us all in the face. Let's recap:

    A good password is:

    Greater than 6 letters long

    Composed of numbers and letters

    Easy to remember, easy to reremember when changed.

    Now it struck me that ideally we needed to create a new language that was innovative and imaginative which people could talk in, and use as passwords. Then it struck me: we already have it: L33T SPEEK.

    Passwords such as OMGN00BSUXSROR! and ROFLGH3YB0ISTFU are almost impossible to guess, are immune to dictionary attacks, and are perfectly memorable. Perhaps L33T language classes could be started at major institutions, and a Creative Commons licenced dictionary created.

    It's about time someone started talking sense - password security is a problem which needs innovative solutions.

    --
    My sister is very, very attractive - Nietzsche
    1. Re:This is too complicated - try this by ffsnjb · · Score: 3, Funny

      are immune to dictionary attacks,...and a Creative Commons licenced dictionary created.

      Uh, heh. Yeah, that's it! :)

      --
      "Why do you consent to live in ignorance and fear?" - Bad Religion
  4. Huh? by Anonymous Coward · · Score: 1, Funny

    What's wrong with using the name of the month and sequential numbers up to the maximum 8 characters?

  5. Excellent! by Phurd+Phlegm · · Score: 5, Funny
    Now even if I am tortured to death I can't reveal the password to my eBay account!

    This should come in handy to all the other costumed crime fighters in the Slashdot community, too!

  6. Easy 24 or more letter-number combinations by Prince+Vegeta+SSJ4 · · Score: 2, Funny
    I use a password of a phrase or group of words that I easily remember, then translate to l33t. That way I can easily have a strong password well over 20 characters. I am assuming of course that it is harder to break 5la5|-|d0t as opposed to slashdot.

    maybe someone could expand?

  7. Great by Pan+T.+Hose · · Score: 3, Funny

    Finally we have something which is not vulnerable to the rubber-hose cryptanalysis. Now the attackers can brute-force me as hard and as long as they want and I will not be able to tell them my password even if I want to! Now I feel totally safe, because even in the case of the most inhumane torturing, I will take my password to my grave. It's like using fingerprints in ATMs so the thief has to cut my finger off instead of taking my ATM card in order to steal my money, except for the lack of gelatin exploit. This is great news. I can stop recommending Password Safe to my users now.

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."
  8. Re:Their own metrics are so awful. by Anonymous Coward · · Score: 1, Funny

    ... only lowercase letters, exactly four letters in length, where the first letter has to be from "a" through "f"

    Damn, "bosco" is one character too long!

  9. been there, done that by menscher · · Score: 3, Funny
    About 10 years ago I had a password where I typed an easy-to-remember non-word with my hands shifted on the keyboard. I actually went over a year without knowing what my password was, until one day I accidentally typed it at a login prompt.

    My bank-card pin-number uses a different trick. I just used four consecutive digits of pi. The trick is that they're pretty far into the sequence. Oh, and I made a mistake when I set it, so it's actually wrong. Oops. Guess it's pretty random, then. ;)

  10. Re:I do this now by Wordsmith · · Score: 4, Funny

    Don't worry. I've got your mother's phone number right here ...

  11. Re:the best password is...... by Geoffreyerffoeg · · Score: 2, Funny

    I had no password this year in Computer Science. My programs were subconsciously obfuscated enough that none would be insane enough to steal my code and pass it as his own, and I didn't care if the other students looked in there (the teacher can open my home directory anyway). It made it a few milliseconds faster to log in.

  12. This proved to be the best by far... by twoslice · · Score: 1, Funny
    Once I was trying for about 15 minutes to get into a machine that a co-worker locked out. I knew he used really simple passwords and tried them all. secret...password...firstname...lastname...name of his pet... you name it and I got bubkiss, notta, zip, no joy, crappola

    Then he just showed up and pressed the enter key. I said you have a blank password!!!! He just laughed and said - It fooled you didn't it? how long were you trying?

    --

    From excellent karma to terrible karma with a single +5 funny post...
  13. Re:I do this now by rylin · · Score: 1, Funny

    I guess the question of "how long is your password" might still be relevant then, eh?

    ...............
    ..8=========D..
    ......... ......

  14. Re:I do this now by Anonymous Coward · · Score: 5, Funny

    the only thing worse than using the same root password for all of your boxes is telling everyone that.

    i currently remember 24 16-random-character passwords which i generate by locking myself in the closet with a torch, pad, pencil and 3 dice. for each character of the password, i roll each die once and concatenate the 3 individual numbers to give me one of 216 codes which i map to the numbers 0 through 215. i then divide this number by 72 and take the remainder as an index into my character table. the table contains uppercase, lowercase, numerals, and shift+numerals, which of course adds up to 72 characters. i sometimes replace some of the characters at random with characters outside the set (plus, brace, comma, etc) when i am feeling paranoid. i repeat this process until i have my 16-character password, writing each character on my pad as i go. i then study the written password until i feel i have remembered it. then i immediately tear the paper up, take it into the bathroom and burn it in the toilet. i throw the rest of the pad in the fire in case someone tries to get the imprints, and usually i break the pencil in half and throw it in too. then if i need to go to the toilet, i'll go before i flush everything down. it sometimes takes a while for the pencil to burn. i then wash my hands thoroughly, twice, and turn the light switch on and off 5 times before i leave the room. i then go and unplug my machine from the network, take it into the closet, boot single-user mode and change my password.
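
The dice scheme from the comment above, as an added example that is not part of the original comment: it checks that reducing the 216 equally likely rolls modulo 72 leaves no bias (216 = 3 × 72) and computes the entropy of a 16-character result. The base-6 mapping to 0-215, the US-keyboard shifted digits and all function names are assumptions.

```python
import math
import secrets
import string
from collections import Counter
from itertools import product

# 26 + 26 + 10 + 10 = 72 characters. The shifted digits assume a US keyboard.
TABLE = (string.ascii_uppercase + string.ascii_lowercase
         + string.digits + ")!@#$%^&*(")


def rolls_to_index(d1, d2, d3):
    """Map three die faces (1-6) to a code 0..215, then reduce modulo 72."""
    for face in (d1, d2, d3):
        if not 1 <= face <= 6:
            raise ValueError("die face must be in 1..6")
    code = (d1 - 1) * 36 + (d2 - 1) * 6 + (d3 - 1)  # assumed base-6 mapping
    return code % 72


def index_histogram():
    """Count how many of the 216 possible rolls land on each table index."""
    all_rolls = product(range(1, 7), repeat=3)
    return Counter(rolls_to_index(*roll) for roll in all_rolls)


def generate(length=16):
    """Software stand-in for physical dice, using the OS CSPRNG."""
    chars = []
    for _ in range(length):
        roll = [secrets.randbelow(6) + 1 for _ in range(3)]
        chars.append(TABLE[rolls_to_index(*roll)])
    return "".join(chars)


def entropy_bits(length=16, alphabet=len(TABLE)):
    """Entropy of a uniformly chosen password: length * log2(alphabet size)."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    hist = index_histogram()
    print("indexes covered:", len(hist))
    print("rolls per index:", sorted(set(hist.values())))
    print("sample password:", generate())
    print("entropy: %.1f bits" % entropy_bits())
```

Because every index is reached by exactly three rolls, the remainder step is uniform; a table size that does not divide 216 would make some characters more likely than others.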

  15. Re:Their own metrics are so awful. by gnu-generation-one · · Score: 2, Funny

    "If they don't really know [their password], they can't write it down and can't divulge it."

    Unchangeable embarrassing passwords are good for that too...

  16. Re:I do this now by Mycroft_VIII · · Score: 2, Funny

    hmm, seems a bit insecure at that last step, unless your closet is tempest shielded AND you're running on battery power. otherwise they could get the data from powerline fluctuations.

    Mycroft

    --
    https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
  17. not effective for men by muckdog · · Score: 3, Funny

    This won't work at all. If it's based on images, every male password will be boobs.

  18. Re:I do this now by sploo22 · · Score: 2, Funny

    Yeah, you need to get pencil and paper, and MD5-hash your passwords by hand (don't use a calculator! you fool!)

    Then you just use a little magnetic stylus or something and toggle the bits on your hard-drive platter. You do have your hard drive geometry and the sector address for /etc/passwd memorized, don't you?

    Until you've taken proper precautions like this, don't fool yourself into thinking you're safe.

    --
    Karma: Segmentation fault (tried to dereference a null post)