Story time: Researchers picture way better password memory scheme

Once upon a time some Carnegie Mellon University researchers came up with a scheme to use stories and pictures to help users live happily ever after by creating and remembering dozens of passwords and avoiding use of the exact same passwords for multiple sites.

The trick, though, is that users need to repeat and practice those one-sentence stories a lot at the start so that the tales and related images stick in their heads. The photos serve as mnemonic devices to trigger memories of the stories and words that can be used to secure multiple online accounts.

"If you can memorize nine stories, our system can generate distinct passwords for 126 accounts," says Jeremiah Blocki, a Ph.D. student in Carnegie Mellon's Computer Science Department, in a statement regarding these "naturally rehearsing passwords."

(Blocki has been busy on the password front of late, also taking part in creation of a password protection scheme dubbed GOTCHA that makes use of inkblots.)

Blocki is presenting a paper on the research, which is funded by the National Science Foundation and the Air Force Office of Scientific Research, at a cryptology conference in India this week. He and fellow researchers Manuel Blum, professor of computer science, and Anupam Datta, associate professor of computer science and electrical and computer engineering, are building a mobile app to put their system into place.

According to CMU, the system involves users selecting photos of people and a scene and then the computer picking out photos of an object and an action. Equipped with the photos, the user then constructs a story, say, "Miley Cyrus wrecks TIME magazine's Person of the Year contest." The system then grabs letters from those words and combines them into passwords that users can recall with prompting via the images.

One challenge the researchers have run into is websites that require certain characters, such as numbers or capital letters, in their passwords.
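The sketch below is an added example, not code from the researchers or from CMU. It shows how nine memorized stories can cover 126 accounts if each account's password is built from a different set of four stories; the four-per-account figure and the letter-grabbing rule are assumptions not stated in the article, and every story except the first is constructed.

```python
from itertools import combinations

# Constructed (person, action, object) stories; only the first echoes the article.
STORIES = [
    ("Miley Cyrus", "wrecks", "TIME magazine"),
    ("a pirate", "juggles", "lanterns"),
    ("a chef", "paints", "kettle"),
    ("a diver", "tickles", "anchor"),
    ("a judge", "bribes", "penguin"),
    ("a farmer", "kicks", "umbrella"),
    ("a pilot", "swallows", "guitar"),
    ("a nurse", "drives", "igloo"),
    ("a clown", "hugs", "volcano"),
]
STORIES_PER_ACCOUNT = 4  # assumption, not from the article: C(9, 4) = 126


def story_fragment(story, letters=2):
    """Hypothetical rule: first `letters` characters of the action and the object."""
    _person, action, obj = story
    return (action[:letters] + obj[:letters]).lower()


def account_passwords(stories, per_account=STORIES_PER_ACCOUNT):
    """Give every per_account-sized subset of stories its own password."""
    return {
        subset: "".join(story_fragment(stories[i]) for i in subset)
        for subset in combinations(range(len(stories)), per_account)
    }


def max_shared_stories(subsets):
    """Largest number of stories that any two accounts have in common."""
    return max(len(set(a) & set(b)) for a, b in combinations(subsets, 2))


if __name__ == "__main__":
    passwords = account_passwords(STORIES)
    print(len(passwords), "accounts,", len(set(passwords.values())), "distinct passwords")
    print("example:", passwords[(0, 1, 2, 3)])
    print("most stories shared by two accounts:", max_shared_stories(list(passwords)))
```

Under these assumptions any two accounts can share up to three of their four stories, so a password leaked from one site exposes fragments that also appear in passwords for other sites.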
