Using a Password One Doesn't Consciously Remember
ZiggyM writes "Researchers from Hebrew University in Israel have devised a way to assign a password to a user in a way that prevents the user from conciously remember or describe it, yet the user can input it correctly over 90% of the time in a 3 month period after [s]he learns to input it.
It involves using visual recognition of previously-seen images, which you can recognize but cant consciously recall in detail. Recognizing the right ones from a series is interpreted as knowing the password, and the chances of guessing it is 1/100,000.
Not ready for practical use yet, but very interesting concept that can develop further."
Compare to a normal password-- 90% chance of successful identification? 100,000 possible combinations? Ick.
It better not be used in any situation where a machine can attempt the password, and hopefully they've avoided storing the password itself on the disk, though it certainly could be found with brute CPU (see above).
Basically, it looks like this is a very unimpressive system.
I'm sure there are many variations on this possible. Probably by linking mnemonics and visual cues you could come up with a code-entry system that works reliably, yet makes it nearly impossible for someone to simply write down their code -- hence, easily steal. Use the brain for crypto.
The beauty of string passwords is that I can recall and input it within 3 seconds. It would become quite a hassle to take the time to go through a series of images everytime I wanted to sign into an account.
Still, it's an interesting concept, though I can't forsee it ever becoming applicable to personal computing.
Simple. Don't have the user click on an image, but track their iris to see which image they're looking at. Kills eavesdropping dead, and lets you reuse images too. Drives cost way up, but maybe it can come down with mass production? Just a thought.
I cant really remember the PIN for my bank account, but when i'm standing in front of the cash automat i remember the moves i have to do with my fingers without problem. If i wanted to remember the PIN as a number i can close my eyes and pretend to type it though, so there is a way for me to know it consciously.
the most sexp i get is my paren-mode.
Keanu gets all the data locked in his head, and the password is a series of images...
"People" using "unnecessary" quotes should be "shot".
The only thing I have to remember is the password to get into Keypass and decrypt its database.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Passfaces uses a similar idea; you can remember the faces that make up your password, but you cannot describe that password to anyone. It relies on your brains ability to recognise faces, and your brains inability to accurately describe the same faces.
Useless for the blind of course.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
Why not just use some primitive "keyboard art"? The main alphanumeric area can be considered a 4 by 10 area of pixels, with a possible 3 colors(normal, not typed, and with Shift key). This would offer the possibility of easy visual recognition/reconstruction with ~10^19 possible combinations. For example, we could use a drawing of a TIE Bomber as a password.
......0...0......
.
......0...0......
.....0__0__0.....
would become ridFGhIJkcm, which is judged to be a rather strong password by http://www.securitystats.com/tools/password.php
"I would give my right hand to be ambidextrous."
I use passwords from Nethack, e.g. #@d_..C# is me and my dog standing next to an altar with a centaur on the other side of the room. Not hackable by dictionary attack :-)
I believe posters are recognized by their sig. So I made one.
To quote a phone number I almost have to watch myself dial it. Even worse is remembering my own phone number. I don't exactly call it often.
Or use a one-liner perl regex as your password, easy to remember if you know what it does, but also not breakable by dictionary attack. :)