Towards reliable storage of 56-bit secrets in human memory

SOUPS 2014 lightning talk

(to appear at USENIX Security)

Stuart Schechter

Microsoft Research

Joseph Bonneau

Princeton University

Sometimes, a really strong secret is actually worth some effort

Public domain image: http://www.bing.com/images/search?&q=eggs+in+one+basket&qft=+filterui:license-L1&FORM=R5IR37#view=detail&id=F4CB4E9B5972A91AB870ED870BDDE7E4F3268805&selectedIndex=0

How to store secrets in humans?

[Diagram: a hard disk, with the platters and the read/write head labelled]

The standard computer science approach would be to look at the problem this way.

Modeling human memory as a disk

[Diagram: timeline with a single "write" followed much later by a "read": FAIL]

Kaufman, Perlman and Speciner, Network Security: Private Communication in a Public World (2002):

Humans are incapable of securely storing high-quality cryptographic keys… they are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.

A more accurate model for human memory

[Image: wave-cut platform, Southerndown: http://en.wikipedia.org/wiki/File:Wavecut_platform_southerndown_pano.jpg]

Learning through spaced repetition

[Diagram: timeline of repeated "write" and "read" cycles, ending in a successful "read": SUCCESS!]

Spaced repetition for passwords

Step 1: Type user-chosen password

[Login form mockup: User Name "stuart"; Password ●●●●●●●]

Step 2a: Type the random words as displayed

[Login form mockup: User Name "stuart"; Password ●●●●●●●●● (verified); Security code field, with the hint "first nurse" displayed next to it]

Step 2b: Type the random characters as displayed

[Login form mockup: User Name "stuart"; Password ●●●●●●●●● (verified); Security code field, with the hint "vnun" displayed next to it]

Step 3: Add increasing delays before showing the hint

[Login form mockup: User Name "stuart"; Password ●●●●●●●●● (verified); empty Security code field, hint not yet shown]

Step 4: Wait until users can type without prompting

[Login form mockup: User Name "stuart"; Password ●●●●●●●●● (verified); Security code field with no hint at all]

Look ma, no copying!

Step 5: add more codes and repeat

[Login form mockup: User Name "stuart" (field note: at least 4 characters); Password ●●●●●●●●● (verified); three Security code fields: ●●●● ●●●● clxa, two already-learned codes entered masked and a newly introduced third code, "clxa"]
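Steps 1 to 5 as a server-side scheduler, written as an added example for this page (it is not code from the talk, the paper, or the experiment site). Everything about the schedule is an assumption: the hint delay grows by a fixed step on each correct entry and is capped, a chunk counts as learned after a fixed number of consecutive entries typed before the hint appeared, and the next chunk is introduced once every visible chunk is learned. The chunk strings, the third code "qbtm", and the parameter values are constructed. The slides show 4-letter codes; three of them carry 12 · log2(26) ≈ 56.4 bits, which is consistent with the 56-bit figure in the title.

```python
"""Staged spaced-repetition login flow (added example; schedule and thresholds are assumptions)."""
import hmac
import math
import secrets
import string
from dataclasses import dataclass

LETTERS = string.ascii_lowercase  # 26 symbols, log2(26) ~ 4.70 bits per symbol


def code_entropy_bits(num_chunks: int, chunk_len: int, alphabet_size: int = 26) -> float:
    """Entropy of a secret made of num_chunks chunks of chunk_len uniformly chosen symbols.
    Three 4-letter chunks, as on the slides, give 12 * log2(26) ~ 56.4 bits."""
    return num_chunks * chunk_len * math.log2(alphabet_size)


def generate_chunks(num_chunks: int, chunk_len: int, rng=secrets) -> list[str]:
    """Draw the security-code chunks from a CSPRNG. rng only needs a .choice() method,
    so a seeded random.Random can be passed for reproducible tests."""
    return ["".join(rng.choice(LETTERS) for _ in range(chunk_len)) for _ in range(num_chunks)]


@dataclass
class ChunkState:
    code: str               # kept in plaintext: the hint cannot be shown from a hash
    hint_delay: float       # seconds the login page waits before revealing the code
    unprompted: int = 0     # consecutive logins where the user typed it before the hint
    learned: bool = False   # step 4 reached: the hint is no longer shown


class SpacedRepetitionTrainer:
    """Tracks which chunks a user must type at login and when each hint appears.
    Delay step, cap and the 'learned' threshold are assumed values, not the study's."""

    def __init__(self, chunks, initial_delay=0.0, delay_step=1.0,
                 max_delay=10.0, required_unprompted=3):
        if not chunks:
            raise ValueError("need at least one chunk")
        self.states = [ChunkState(c, initial_delay) for c in chunks]
        self.delay_step = delay_step
        self.max_delay = max_delay
        self.required_unprompted = required_unprompted
        self.visible = 1  # step 2: teach only the first chunk at first

    def prompt(self):
        """What the login page shows: (index, code, seconds before the hint) for each
        visible chunk; the delay is None once the chunk is learned (no hint at all)."""
        return [(i, s.code, None if s.learned else s.hint_delay)
                for i, s in enumerate(self.states[: self.visible])]

    def login(self, typed, before_hint):
        """Record one login. typed[i] is what the user entered for visible chunk i and
        before_hint[i] says whether it was entered before the hint was revealed.
        Returns True when every visible chunk was typed correctly."""
        if len(typed) != self.visible or len(before_hint) != self.visible:
            raise ValueError("expected one entry per visible chunk")
        all_ok = True
        for state, entry, early in zip(self.states, typed, before_hint):
            if not hmac.compare_digest(entry.encode(), state.code.encode()):
                all_ok = False
                state.unprompted = 0
                state.learned = False  # a forgotten chunk gets its hint back
                continue
            if state.learned:
                continue
            # step 3: every correct entry pushes the hint further out (capped)
            state.hint_delay = min(state.hint_delay + self.delay_step, self.max_delay)
            state.unprompted = state.unprompted + 1 if early else 0
            if state.unprompted >= self.required_unprompted:
                state.learned = True  # step 4: typed without prompting often enough
        # step 5: once everything visible is learned, introduce the next chunk
        if all_ok and self.visible < len(self.states) and all(
                s.learned for s in self.states[: self.visible]):
            self.visible += 1
        return all_ok

    def complete(self) -> bool:
        """True once every chunk is learned, i.e. the whole code is in the user's head."""
        return all(s.learned for s in self.states)
```

Two points a deployment has to live with: while hints can still be shown, the server necessarily holds each chunk in recoverable form, so the usual store-only-a-hash rule applies only after `complete()` returns True and the plaintext is discarded; and the code comparison uses `hmac.compare_digest` so the training endpoint does not leak chunk prefixes through timing.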

But will it work?

[Results chart: recall after 3+ days and after 17+ days]

Some passwords are worth 5-10 aggregate minutes of training

Lots of memory training effects!

  • Generation effect
    • Make users fill in the blanks
  • Depth of processing effect
    • Make users convert the password
  • Dual coding effects
    • Show multiple versions

Try it yourself!

experiment.research.microsoft.com

“It was surprising that you did this follow up, because I did not expect it. After having to enter the codes so many times, the words are branded into my brain.”
