Research finds that humans can retain 56-bit passwords in memory



The number of accounts and passwords keeps growing as people use more websites and online services, yet the passwords many users come up with themselves amount to 10 bits or less and are easily broken. Long passwords set to strengthen security are generally thought to be impossible to remember, but it turns out that even a randomly generated 56-bit password or key (6 words or 12 characters), which is more than strong enough, can be retained in human memory through iterative learning.

Towards Reliable Storage of 56-bit Secrets in Human Memory | USENIX
https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/bonneau


Towards Reliable Storage of 56-bit Secrets in Human Memory (PDF file)
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-bonneau.pdf

Long passwords are generally considered difficult to memorize, but Joseph Bonneau of Princeton University and Stuart Schechter of Microsoft Research hypothesized that humans can learn a strong, randomly assigned code of 56.4 bits (6 words or 12 characters) through repetition.

To test the hypothesis, the research team recruited subjects and asked them to log in, with a password they had chosen themselves, through a login form set up on a website 90 times over two weeks.

Each time the subjects logged in to the website, they were also asked to type a randomly generated 18.8-bit "security code" (two words or four letters). In the example, the code to enter is "vnun", which is displayed as a hint at the top of the form. As the number of logins increased, however, the hint's appearance was delayed by a further 1/3 second, up to a maximum delay of 10 seconds. This continued for 2 weeks (9 times a day on average).


The displayed code is one part of a 56-bit security code that is split into three chunks of 18.8 bits each. Once subjects could enter the first chunk without the hint, a second input form appeared, and eventually a third, so that in the end the entire 56-bit code was memorized. Because the purpose, "iterative learning of a security code", was not revealed to the subjects, they learned the code naturally through repetition: memorizing it saved time compared with waiting for a hint that appeared later and later.
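The scheme described above can be sketched in a few lines. This is an added example, not code from the paper or the researchers; it assumes lowercase letters as the alphabet and a hint delay that grows linearly by 1/3 second per login starting from zero, and all function names are hypothetical.

```python
import math
import secrets
import string

ALPHABET = string.ascii_lowercase   # 26 symbols, about 4.7 bits per letter
CHUNK_LETTERS = 4                   # one chunk such as "vnun" (about 18.8 bits)
NUM_CHUNKS = 3                      # three chunks: 12 letters, about 56.4 bits
MAX_DELAY = 10.0                    # hint delay cap in seconds, from the article


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def generate_code():
    """Draw the code from the OS CSPRNG and return it as three chunks.

    The strength figures only hold if the code is assigned at random;
    a user-chosen string of the same length is far weaker.
    """
    return ["".join(secrets.choice(ALPHABET) for _ in range(CHUNK_LETTERS))
            for _ in range(NUM_CHUNKS)]


def dictionary_size(words_per_chunk=2):
    """Word-list size needed so that two words carry as much as four letters."""
    bits_per_word = entropy_bits(len(ALPHABET), CHUNK_LETTERS) / words_per_chunk
    return round(2 ** bits_per_word)


def hint_delay(login_number):
    """Seconds before the hint is shown on a given login (1-based).

    Assumption: the delay grows by 1/3 s with every login, capped at 10 s.
    """
    return min(MAX_DELAY, (login_number - 1) / 3)


if __name__ == "__main__":
    print("code chunks:", generate_code())
    print("bits per chunk: %.1f" % entropy_bits(26, CHUNK_LETTERS))
    print("bits in full code: %.1f" % entropy_bits(26, CHUNK_LETTERS * NUM_CHUNKS))
    print("words needed in dictionary:", dictionary_size())
    print("hint delay at logins 1, 10, 31:", [hint_delay(n) for n in (1, 10, 31)])
```

Under these assumptions the cap of 10 seconds is reached at the 31st login, and a word-based code needs a list of 676 words for two words to match one four-letter chunk.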

As a result, 94% of the subjects successfully memorized the 56-bit code, after 36 logins on average. In addition, 88% of those asked for the same code three days later recalled it exactly. One of the subjects remarked with surprise that "words seem to be burning to the brain".


The subjects were divided into two groups, one given letters as the security code and one given words: 46 of the 56 subjects in the letters group and 52 of the 56 (93%) in the words group succeeded in memorizing the security code. In addition, 21% of the subjects had written the code down in a note, but their recall rate was higher than that of the subjects who did not take notes.

Humans are thought to be unable to memorize high-quality cryptographic keys accurately, which is why most banks' PINs are set to 4 digits, and most users' passwords are considered to be less than 10 bits. Randomly generated secrets tend to be hard to crack, and if a randomly generated 56-bit secret, which is considered more than strong enough for a password, can be memorized over the long term, many benefits can be expected, such as being able to keep a password manager's master password entirely in one's head.

in Science, Posted by darkhorse_log