Usually it’s a problem when you can’t remember a password. But in this particular case, it’s by design. A new security technique mashes up cryptography with neuroscience to create passwords that are stored in users’ brains but cannot be recalled, recited, or otherwise extracted by another party.

The system is based on an idea known as implicit learning, in which the brain subconsciously learns a pattern without consciously recognizing it. In tests, Stanford University researchers put test subjects in front of a computer game in which they had to catch falling objects on the screen by pressing a key, with each key corresponding to one of six positions on the screen.

The positions of the falling objects appeared to be random, but they weren’t. Buried in the game was a sequence of 30 successive positions that repeated more than 100 times over the course of 45 minutes of play. The players’ brains unconsciously learned this pattern, and by the end of their time at the console they were making fewer errors when they encountered this sequence, even though they had no idea the sequence was there.

Two weeks later, they still made fewer errors when the sequence was introduced into the game. Their brains remembered the sequence even though none of them could identify it if asked. The idea could form the basis of a security scheme in which an authorized person is trained on a sequence in an initial session and then asked to play the game again later to authenticate. Previous studies have shown that sequences learned implicitly simply can’t be recalled or understood by the brain, so there’s no way the person could willingly or unwillingly give up their authenticating password, yet it could be used to authenticate them time and time again.
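A sketch of how a server could turn that performance difference into an accept/reject decision, added here as an illustration and not taken from the researchers' code. The six positions and 30-item sequence come from the article; the function names, the `repeats` count, the `min_gap` threshold and the sample play data are assumptions.

```python
import secrets

POSITIONS = 6   # six on-screen positions (from the article)
SEQ_LEN = 30    # length of the embedded sequence (from the article)

def new_secret():
    """Enrollment: draw the sequence the user will be trained on in the game."""
    return [secrets.randbelow(POSITIONS) for _ in range(SEQ_LEN)]

def build_challenge(secret, repeats=3):
    """Alternate fresh random filler with the trained sequence.
    Returns (position, is_trained) pairs; only the server sees is_trained."""
    trials = []
    for _ in range(repeats):
        trials += [(secrets.randbelow(POSITIONS), False) for _ in range(SEQ_LEN)]
        trials += [(pos, True) for pos in secret]
    return trials

def error_rates(trials, hits):
    """Return (trained_error_rate, filler_error_rate); hits[i] is True on a catch."""
    misses = {True: 0, False: 0}
    totals = {True: 0, False: 0}
    for (_, is_trained), hit in zip(trials, hits):
        totals[is_trained] += 1
        misses[is_trained] += not hit
    return misses[True] / totals[True], misses[False] / totals[False]

def authenticate(trials, hits, min_gap=0.05):
    """Accept only if the player errs measurably less on the trained sequence.
    min_gap is an assumed threshold, not a figure from the research."""
    trained_err, filler_err = error_rates(trials, hits)
    return filler_err - trained_err >= min_gap

def constructed_hits(trials, trained_miss_every, filler_miss_every):
    """Constructed sample play: miss every Nth trial of each kind."""
    seen = {True: 0, False: 0}
    every = {True: trained_miss_every, False: filler_miss_every}
    hits = []
    for _, is_trained in trials:
        seen[is_trained] += 1
        hits.append(seen[is_trained] % every[is_trained] != 0)
    return hits
```

A player who misses one in ten trained trials but one in five filler trials is accepted, while a player who misses one in five of both kinds is rejected, because nothing in their play distinguishes the secret sequence from noise.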

New Scientist