Is the password an outdated type of security measure? This question seems to be getting asked around quite a bit, especially with more powerful threats loose all over the Internet. Unfortunately, the fault in passwords generally lies in the fact that humans generally don’t pick passwords that are secure enough. Thanks to a new method called “spaced repetition,” it seems there might be some hope left for the password after all.
Two researchers; Stuart Schechter from Microsoft Research, and Joseph Bonneau of Princeton University; have proposed a method for password recollection that some forgetful folks may benefit from. The goal of the study was to show that complex passwords can be remembered fairly easily through a certain process. The results show that the human mind is capable of comprehending complex passwords, which would take a hacker well over a year to crack using conventional methods.
Schecter and Bonneau performed the experiment on hundreds of test subjects who thought they were taking part in attention span tests. Instead, they were really being taught how to remember long passwords which can make hacking much less of a concern. The process is called “spaced repetition.”
How Does It Work?
Spaced repetition is similar in functionality to the foreign language classroom. The process uses periodic quizzing and testing, while continuously building off of the basics. This puts emphasis on improving the memory of those involved with the test. Here’s the lowdown on how the tests were administered:
- On average, the test only lasted for 12 minutes.
- The actual test was keeping track of the login screen for the attention span tests.
- The login screen prompted users to enter a password, and each time they logged in, the prompt would appear later and later.
- Additionally, the string of characters grew longer each consecutive time. The string maxed out at 12 random letters, or a six-word phrase.
- After an average of 36 entries, the subjects were able to enter the password before the prompts even appeared.
- The test required 90 login attempts.
- By the end of the study, 94 percent of the users were able to type their password by memory, and 21 percent had written it down for easy access.
- Three days following the completion of the test, 88 percent of the subjects still remembered their password.
The study was clearly a success, but as it stands now, the concept isn’t a practical choice for the average user. The spaced repetition process is much better suited for an enterprise password manager, where different login credentials are stored in a vault and then pulled when they’re needed by typing in a single password. This takes the sting out of having to memorize multiple complex passwords.
What are your thoughts on spaced repetition? Do you think it has the potential to change the way we view complex password recollection? Let us know in the comments.