Slashdot Mirror


Using a Password One Doesn't Consciously Remember

ZiggyM writes "Researchers from Hebrew University in Israel have devised a way to assign a password to a user in a way that prevents the user from conciously remember or describe it, yet the user can input it correctly over 90% of the time in a 3 month period after [s]he learns to input it. It involves using visual recognition of previously-seen images, which you can recognize but cant consciously recall in detail. Recognizing the right ones from a series is interpreted as knowing the password, and the chances of guessing it is 1/100,000. Not ready for practical use yet, but very interesting concept that can develop further."

1 of 270 comments (clear)

  1. Re:Their own metrics are so awful. by Anonymous Coward · · Score: 5, Insightful

    Yup. That's not secure in the least. 100,000 possible combinations is equivalent to having a password of only lowercase letters, exactly four letters in length, where the first letter has to be from "a" through "f" (6 * 26 * 26 * 26 = 105,456).

    Definitely one of the worst password-type mechanisms proposed in recent history.