Wednesday, November 28, 2012

Muscle memory instead of a password? Maybe not for klutzes

Some day we may use muscle memory to memorize a password without even knowing what the password is, says Scientific American. To a lesser degree, we already do that in daily life, when we enter an often-used password. If we are asked to write it down, we might not necessarily remember the exact sequence of symbols. I've known people -- for example, software developers who shared a username and password to the same computer -- that could not tell a new developer the password even when they needed to, because they only stored it in their muscle memory. They could type it in, but not spell it out. Trying to write it down, they would get confused. The (still highly experimental) technique described in this article takes it a few steps further: the password consists of actions you perform in a game. I suppose it could work as long as you use it often, and if you are not a klutz like me. I don't think I could reproduce all the correct key presses every time even if I played a game often. (I am assuming here that in the game they describe, there is only one way to hit the falling dots correctly. If the game was more like Tetris, where there's more than one way to maneuver the falling bricks successfully, this technique would be meaningless.) Still, if I haven't played the game for a week, my skills would have atrophied, so there's no way I would hit the dots correctly at first. Or by the second or third attempt. But most systems worth their salt lock you out after the first three unsuccessful login attempts. So it's interesting how would such a system distinguish between an impostor, and a legitimate user whose skills have atrophied.

No comments: