Welcome to ‘unconscious’ passwords

With the internet age and online boom touching each and every sphere of our lives — right from online banking to social media, the need to manage and memorise passwords is getting more and more cumbersome. Apart from the obvious headache of managing multiple passwords, there is bigger issue and challenge of your password wallet landing up in the wrong hands.

There is a lot of research going on to tackle this issue by way of facial recognition, biometric or retina scanning, battery-powered ring like devices having encrypted passwords and gesture control. But won’t it be really cool to have passwords which are so surreptitious that only the unconscious human mind knows them?

Researchers at SRI International, a R&D company and Stanford and Northwestern have prototyped passkeys that resides coolly in one’s unconscious — so pretty much the passwords are difficult to forget or almost impossible to extract by coercion.

The concept is pretty simple but extremely creative and ingenious! Researchers claim to leverage the technique of implicit learning, a technique which we employ to learn say swimming or riding a bicycle, to “insert” a passkey in a subjects’ mind. Once a passkey is fed into the mind, the subject is able to magically replicate the passcode without actually memorizing or remembering it — pretty much similar to being able to swim automatically once learnt since your internal faculties do the function almost mechanically without knowing how you actually do it!

Director or SRI’s Computer Science Laboratory, Patrick Lincoln is the lead researcher along with Hristo Bojinov from Stanford on the project which is termed as “rubber-hose cryptography” project.

The entire method of “learning” or “training the mind” for accepting a password or passkey utilises a video gaming interface which is based on Serial Interception Sequence Learning or implicit learning. The interface has 6 named buttons and 6 corresponding columns from which a circular ball drops down. As the subject sees a ball drop down, he or she needs to press the corresponding named key or button. The sequence or order of the ball drop is random so the subject can never memorize the sequence. The game generates a sequence of 6 keys mixed with random characters which is played to the subject thrice. A typical mind training session lasts for about an hour in which the subject makes a few thousand keystrokes — these keystrokes are leveraged to train and subconsciously teach the subject a password.

Authentication necessitates the subject to play a round of the game which has the trained pattern embedded and interspersed with random letters. As per the trials and tests carried out, passwords as long as 30 characters can get imprinted in the subjects’ subconscious mind.

The beauty of this research is that it almost entirely eliminates the possibility of someone trying to obtain the passwords by force. Also, one can be made to “learn” more than one such password and also be “retrained” on new passwords. The research can have very obvious applications — typically in very high security set-ups or defense and governmental establishments.

Hollywood blockbusters such as Inception and Matrix don’t seem to be too far away from reality, anymore! — prashant.vadgaonkar@hotmail.com