Recognizing passwords

To be secure, passwords must be non-obvious and changed often.

Researchers from Hebrew University in Israel are working on passwords that need not be consciously remembered.

The scheme is based on the way we learn through the instinctive imprinting process which enables us to recognize the information later but not to recall it to describe it to someone else.

The system uses pictures, pseudo words or artificial grammar. For example, a user sees a set of 100 to 200 pictures randomly selected from a database of 20,000 pictures. They are organized in groups of 2 to 9 pictures with a common theme, one of which is a certificate image. The user then practices choosing certificate images from entire theme groups.

Later, in lieu of providing a password, a user identifies most of a short series of certificate pictures.

Accuracy rates varied from 70 to 90 %, and there is less than 1,000th of one percent of a chance to randomly guess correctly, according to the researchers.


From Technology Review.