A new computer game designed by researchers at Stanford University allows users to pick their passwords in a totally unpredictable way. The game is based on a combination of cryptography (the “art” of encryption) and neuroscience that suppresses the emergence of common patterns.
Password theft has become much easier for social engineers, who can often work out a user’s password simply by analyzing the information they share on social networks and blogs, or even con the user into revealing it. The research, described in a paper called “Neuroscience Meets Cryptography: Designing Crypto Primitives Secure against Rubber Hose attacks”, details the benefits of “implicit learning” – the process of learning complex information without awareness of what has been learned.
The game developed by the researchers creates a highly secure password and stores it in the player’s memory as they intercept falling objects by pressing the corresponding keys. The objects fall in a specific pattern, so during a game round the user repeats the same combination of keys over 100 times. The password is unique enough and, better yet, passwords learned via this process can’t be recited.
“All of the sequences presented to the user are designed to prevent conspicuous, easy to remember patterns from emerging,” reads the paper. “The result is that while the trained sequence is performed better than an untrained sequence, the participant usually does not consciously recognize the trained sequence.”
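Filtering out conspicuous patterns shrinks the space of possible secrets, so the filter has a measurable entropy cost. The sketch below is an added example, not code from the paper or the researchers: it generates a filtered key sequence and computes how many bits the filter removes. The key set, the 30-key length and the filter rules (no immediate repeat, no A-B-A alternation) are assumptions; the article does not specify them.

```python
import math
import secrets

KEYS = "SDFJKL"   # assumed key set; the article does not name the keys
LENGTH = 30       # assumed sequence length; not stated in the article


def is_conspicuous(seq):
    """Assumed filter: flag immediate repeats (AA) and alternations (ABA)."""
    repeats = any(seq[i] == seq[i - 1] for i in range(1, len(seq)))
    trills = any(seq[i] == seq[i - 2] for i in range(2, len(seq)))
    return repeats or trills


def generate_secret(length=LENGTH, keys=KEYS):
    """Draw keys from a CSPRNG, redrawing any key that would form a pattern.

    Every position has the same number of allowed keys whatever came before,
    so the result is uniform over all sequences that pass the filter.
    """
    seq = []
    while len(seq) < length:
        key = secrets.choice(keys)
        if not is_conspicuous(seq[-2:] + [key]):
            seq.append(key)
    return "".join(seq)


def entropy_bits(length=LENGTH, keys=KEYS):
    """log2 of the number of sequences that pass the filter."""
    if length < 1:
        raise ValueError("length must be at least 1")
    n = len(keys)
    # n choices, then n-1, then n-2 for every later position.
    count = n if length == 1 else n * (n - 1) * (n - 2) ** (length - 2)
    return math.log2(count)


def filter_cost_bits(length=LENGTH, keys=KEYS):
    """Bits lost relative to an unfiltered uniform sequence of the same length."""
    return length * math.log2(len(keys)) - entropy_bits(length, keys)


if __name__ == "__main__":
    print("secret sequence  :", generate_secret())
    print("entropy (bits)   :", round(entropy_bits(), 2))
    print("filter cost (bits):", round(filter_cost_bits(), 2))
```

Under these assumptions the filtered sequence still carries about 61 bits, roughly 17 fewer than an unfiltered sequence of the same length.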
However, even if the game helps the user pick a much safer password, the technique does not answer all challenges: the user is still susceptible to keylogging and phishing, two of the most common ways of stealing passwords. More than that, picking one password would take between 30 and 45 minutes, which translates into days of playing in order to pick unique passwords for all the accounts a user may have.