论文信息 - Exploring implicit memory for painless password recovery

Exploring implicit memory for painless password recovery

Knowledge-based authentication systems generally rely upon users' explicit recollection of passwords, facts, or personal preferences. These systems impose a cognitive burden that often results in forgotten secrets or secrets with poor entropy. We propose an authentication system that instead draws on implicit memory - that is, the unconscious encoding and usage of information. In such a system, a user is initially presented with images of common objects in a casual familiarization task. When the user later authenticates, she is asked to perform a task involving a set of degraded images, some of which are based upon the images in the familiarization task. The prior exposure to those images influences the user's responses in the task, thereby eliciting authentication information. We ran a user study to investigate the plausibility of our system design. Our results suggest that implicit memory has potential as a basis for low-cognitive-overhead, high-stability, knowledge-based authentication.

Marten van Dijk | Ari Juels | Tamara Denning | Kevin D. Bowers

[1] David B Mitchell,et al. Nonconscious Priming After 17 Years , 2006, Psychological science.

[2] C. B. Cave. Very Long-Lasting Priming in Picture Naming , 1997 .

[3] Serge Egelman,et al. It's No Secret. Measuring the Security and Reliability of Authentication via "Secret" Questions , 2009, IEEE Symposium on Security and Privacy.

[4] Markus Jakobsson,et al. Love and authentication , 2008, CHI.

[5] Nicolas Christin,et al. Use Your Illusion: secure authentication usable anywhere , 2008, SOUPS '08.

[6] Nasir D. Memon,et al. PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[7] D. Schacter,et al. Implicit memory: a selective review. , 1993, Annual review of neuroscience.

[8] Daphna Weinshall,et al. Passwords you'll never forget, but can't recall , 2004, CHI EA '04.

[9] J. G. Snodgrass,et al. A standardized set of 260 pictures: norms for name agreement, image agreement, familiarity, and visual complexity. , 1980, Journal of experimental psychology. Human learning and memory.

[10] J G Snodgrass,et al. Perceptual Identification Thresholds for 150 Fragmented Pictures from the Snodgrass and Vanderwart Picture Set , 1988, Perceptual and motor skills.

[11] Serge Egelman,et al. It's No Secret. Measuring the Security and Reliability of Authentication via “Secret” Questions , 2009, 2009 30th IEEE Symposium on Security and Privacy.