Thursday, July 19, 2012

Unconscious memory to improve security

Passwords are used for a lot of things, and it is not uncommon for people to forget them. Normally, a password has to be remembered consciously so that it can be provided when needed. A new security mechanism does things rather differently, by relying on unconscious memory to 'remember' a password. Neurological tricks were used to get participants to remember a password without consciously knowing it or being able to tell it to someone.

A password was unconsciously learnt by playing a game that involved 'saving' falling objects. Players could intercept falling objects by pressing one of the six buttons that corresponded to the locations where an object could land. A gaming session lasted around 30 to 45 minutes, and the objects fell seemingly at random. However, the scientists did create certain patterns without telling the participants: every now and then a predetermined pattern of 30 object locations was inserted in the game, which was then repeated randomly around a hundred times throughout the gaming session.

Basically, the pattern of 30 object locations can be seen as a password: it consists of 30 'numbers', each having six possible outcomes. By repeating the pattern over and over in the game, without the player noticing it, the password would be learned unconsciously. This is proven by the fact that participants perform better during the predetermined password sequence. Repetition therefore 'installs' a password in the user's head.

This method makes use of implicit memory, meaning your consciousness is not involved. It works in the same way as the muscle memory needed to cycle or to type rapidly on a keyboard. Because of this, people can show they 'know' the password by performing better when the password sequence is inserted into the game, but they are unable to consciously state it.
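The check described above, as an added example that is not code from the original post or from the study: a session is built from the hidden 30-location pattern plus random filler, and a player is accepted only when the hit rate on the pattern is measurably higher than on the filler. The filler length, the acceptance margin and the simulated player model are assumptions chosen for illustration.

```python
import math
import random

LOCATIONS = 6     # six buttons / landing positions (from the article)
SECRET_LEN = 30   # length of the hidden pattern (from the article)

def secret_entropy_bits():
    """Size of the pattern space, 6**30, expressed in bits."""
    return SECRET_LEN * math.log2(LOCATIONS)

def make_secret(rng):
    return [rng.randrange(LOCATIONS) for _ in range(SECRET_LEN)]

def build_session(secret, repeats, filler_len, rng):
    """Interleave random filler with the secret; each item is (location, is_secret).
    filler_len is an assumption: the article does not give the spacing."""
    stream = []
    for _ in range(repeats):
        stream += [(rng.randrange(LOCATIONS), False) for _ in range(filler_len)]
        stream += [(loc, True) for loc in secret]
    return stream

def hit_rates(stream, hits):
    """Return (hit rate on secret items, hit rate on filler items)."""
    trained = [h for (_, s), h in zip(stream, hits) if s]
    filler = [h for (_, s), h in zip(stream, hits) if not s]
    return sum(trained) / len(trained), sum(filler) / len(filler)

def authenticate(stream, hits, margin=0.05):
    """Accept only if the player is measurably better on the secret pattern.
    The margin is an assumed threshold, not a value from the study."""
    trained, filler = hit_rates(stream, hits)
    return trained - filler >= margin

def simulate_player(stream, p_secret, p_filler, rng):
    """Constructed player model: fixed hit probability per item type."""
    return [rng.random() < (p_secret if s else p_filler) for _, s in stream]

if __name__ == "__main__":
    rng = random.Random(2012)
    session = build_session(make_secret(rng), repeats=100, filler_len=30, rng=rng)
    trained_user = simulate_player(session, 0.9, 0.6, rng)
    stranger = simulate_player(session, 0.6, 0.6, rng)
    print(f"pattern space: {secret_entropy_bits():.1f} bits")
    print("trained user accepted:", authenticate(session, trained_user))
    print("stranger accepted:", authenticate(session, stranger))
```

The verifier never asks the player to state the pattern; it only compares performance on pattern items against performance on filler items, which is why the secret cannot be disclosed verbally.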

According to the scientists, their method can add an extra layer to security systems, by making it impossible for people to give away the password. However, there are some downsides, the most obvious one being that it takes a long time before a user can 'enter' the password: a gaming session is needed to show that a person unconsciously knows the password. It remains to be seen whether the security system will be used commercially, but the idea of using implicit memory does make it sound very interesting.
