Story time: Researchers picture way better password memory scheme

Carnegie Mellon's 'naturally rehearsing passwords' use images to trigger word memory

Once upon a time some Carnegie Mellon University researchers came up with a scheme to use stories and pictures to help users live happily ever after by creating and remembering dozens of passwords – and avoiding use of the exact same passwords for multiple sites.

The trick though is that users need to repeat and practice those one-sentence stories a lot at the start so that the tales and related images stick in their heads. The photos serve as mnemonic devices to trigger memories of the stories and words that can be used to secure multiple online accounts.

[LAUGH RIOT: 10 Funny Videos About Computer Passwords]


Password protector: CMU Ph.D. student Jeremiah Blocki

“If you can memorize nine stories, our system can generate distinct passwords for 126 accounts,” says Jeremiah Blocki, a Ph.D. student in Carnegie Mellon’s Computer Science Department, in a statement regarding these “naturally rehearsing passwords.”

(Blocki has been busy on the password front of late, also taking part in creation of a password protection scheme dubbed GOTCHA that makes use of inkblots.)

Blocki is presenting a paper on the research, which is funded by the National Science Foundation and the Air Force Office of Scientific Research, at a cryptology conference in India this week. He and fellow researchers Manuel Blum, professor of computer science, and Anupam Datta, associate professor of computer science and electrical and computer engineering, are building a mobile app to put their system into place.

According to CMU, the system involves users selecting photos of people and a scene and then the computer picking out photos of an object and an action. Equipped with the photos, the user then constructs a story “Say Miley Cyrus wrecks TIME magazine’s Person of the Year contest.” The system then involves grabbing letters from those words and combining them into passwords that users can recall with prompting via the images.

One challenge the researchers have run into is websites that require certain characters, like numbers, or capital letters in their passwords.

Copyright © 2013 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022