The Trouble with Tribbles and Passwords

Posted by Sticky Password Dec. 23, 2013 in News, Passwords & Security

As just about anyone can tell you, the trouble with tribbles and passwords is that they multiply like crazy. You start with one and things quickly get out of hand and very messy. Researchers at Carnegie Mellon University are proposing a scheme to give the upper hand to humans; they recently presented their research at ASIACRYPT 2013.

The secret to controlling… passwords, that is – is stories.

The problem with passwords is that unless we use them often, we tend to forget them, and so we resort to re-using the same simple passwords on many sites. Researchers Jeremiah Blocki, Manuel Blum and Anupam Datta propose a mnemonic system that they say will enable people to create and remember their passwords. The researchers’ scheme involves the use of pictures to help users create a simple story line that the user then uses to create and rehearse the passwords.

The scheme uses the concept of PAO – person-action-object – in a series of photos to create a story that the user will likely remember. The user puts his, or her, own words to the pictures, and using letters or parts of the words, passwords can be created.

We’ve seen the use of pictures to create passwords before, but this is the first time that we’ve noticed such focus on the idea of repetition in order to remember the passwords. This reminds us of the ‘deliberate practice’ concept often referred to in the realm of sports: deliberate effort to improve performance in a specific domain. That never hurts.

We’re curious to see how well the PAO concept plays out for the creation of passwords. After all, if it’s just a question of providing the user with something memorable, why couldn’t he start with something he already knows by heart – like the lyrics of a song, or a poem? Is it possibly due to the rehearsal mechanism of the scheme relying on the pictures it generates?

We’ll keep an eye out for developments.

Now, about those tribbles…