Unexplainable Unconscious Passwords Cannot Be Compromised
Researchers are developing a new security approach that relies on implicit, repetitive learning.
Researchers are developing a security approach that relies on implicit learning to train people to enter a unique pattern, which they can perform over time but can’t consciously remember. Developed by independent nonprofit research institute SRI International, Stanford and Northwestern, it is known as “rubber-hose resistant authentication.”
Implicit learning occurs through repetition but can’t be verbally explained, which prevents passwords from being compromised. MIT Technology Review reports that the project has used a game interface, resembling Guitar Hero, which trains the user to enter a unique pattern.
Later, the user is authenticated by playing the game, containing parts of the learned pattern, and their skill proves their identity. Users may be able to learn more than one unconscious password without interference and if one was compromised, they could be retrained.
The researchers’ findings were published in a paper last year, which indicated that users could effectively enter their patterns over time but couldn’t consciously remember them. The project has received a National Science Foundation award and new experiments are being launched to develop more effective and easier-to-learn unconscious passwords.