Researchers from Stanford, Northwestern, and SRI have a new paper laying out a crafty little solution: Make people memorize passwords that they don’t know. If you don’t know your password, you can’t tell it to anyone.
Huh? How can you have a password you don’t know?
Perhaps the best analogy is the playing of a song on a musical instrument. If you’ve ever memorized a piece of music, you know that, given the instrument, you could play it no problem. The piece is in your muscle memory. But given a staff sheet and a pencil, writing it out would be a challenge. You would need to thump it out with your fingers and write down your observations, but you don’t just know the order of the notes.
…The catch is that unlike a piece of music, for which you’ve memorized a sequence that someone could, perhaps, record if they watched you tap it out enough times, this system then “tests” whether you are the real you, by having you “play” all sorts of strands, with the ones you’ve practiced mixed in. Only someone who has received the training will play their own sequences more smoothly and rapidly. “A performance gap that is substantially different from the one obtained after training indicates an attack,” the authors explain.
the views expressed on this site are the author's and the author's alone. they do not reflect the views of her employer or any professional organization with which she is now or has been affiliated.
i'm the leftist liberal you've been warned about - the one who genuinely supports the expansion of the welfare state. i love politics and data and graffiti and street art and am far too lazy to use my shift key. if you need to reach me, you can email to abbyjean at the google email service.