Passwords designed for humans

It’s right there in the name, password. It is the long running solution for the problem space of trying to identify a specific individual to allow other actions to take place. For all the talk of eliminating passwords and two part authentication, we still haven’t done a very good job of designing for the human element. Humans are notoriously bad at remembering certain types of information. We do better when we can chunk together information. The escalation to more complex types of passwords due to better and better models for breaking them tends to break down our ability to chunk. (Did I use a capital H or lowercase?, what was my special symbol?) We tend to repeat passwords, use ones that are too simple, or write them down, all of which hammer home that this is a design problem in human memory.

So why don’t we move to something that we are good at remembering? Our visual memories tend to be excellent, with a large part of the brain devoted to this function. People that compete in memory contests leverage this capability to build associative visual pathways to then attach other items they are trying to remember. Why not leverage this as a means to identify us? I’m thinking that as part of the process instead of creating a password, I load some number of pictures to the site to be used for identification purposes. When I return to the site, one of my pictures is presented with say 14 other pictures and I have to pick the right one. Maybe I have to do this more than once. I’m guessing my accuracy at picking would be nearly perfect. The pictures can be continually randomized as to placement on the screen so a click in one area doesn’t necessarily follow the next time through. I can think of a ton of other ways to enhance/alter the process to increase complexity without really changing the human ability to identify the correct one. Moreover, even on a site that isn’t used for years, my odds are still pretty good at remembering things in the picture. There is no reason this shouldn’t work on a phone or a laptop as easily as on a website.

If you chose to implement, please just send me my 20%.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: