
Computer Game Helps You Pick Better Passwords, Researchers Find

A new computer game designed by researchers at Stanford University lets users pick their passwords in a totally unpredictable way. The game is based on a combination of cryptography (the “art” of encryption) and neuroscience that suppresses the emergence of common patterns.

Password theft has become much easier for social engineers, who can basically work out a user’s password by simply analyzing the information the user shares on social networks and blogs, or even con the user into revealing it. The research, described in a paper called “Neuroscience Meets Cryptography: Designing Crypto Primitives Secure against Rubber Hose attacks”, details the benefits of “implicit learning”: the process of learning complex information without awareness of what has been learned.

The game developed by the researchers creates a highly secure password and stores it in the player’s memory as they intercept falling objects by pressing the corresponding keys. The objects fall in a specific pattern, so during a game round the user repeats the same combination of keys over 100 times. The password is unique enough and, better yet, passwords learned via this process can’t be recited.

“All of the sequences presented to the user are designed to prevent conspicuous, easy to remember patterns from emerging,” reads the paper. “The result is that while the trained sequence is performed better than an untrained sequence, the participant usually does not consciously recognize the trained sequence.”

However, even if the game helps the user pick a much safer password, the technique does not answer all challenges: the user is still susceptible to keylogging and phishing, two of the most common ways of stealing passwords. More than that, picking one password would take between 30 and 45 minutes, which translates into days of playing in order to pick unique passwords for all the accounts a user may have.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
