People are required to memorize passwords all of the time. For example, common websites such as gmail, amazon, facebook, youtube, etc all require that you have a username and password. Besides the internet, people memorize banking pins, locker combinations, building codes, garage door codes, etc.
Choose a different password for each website
It might be easy to memorize a single password that you use for every website. However, this causes a security issue for the user and the website. For example, suppose that a user uses the same password for their facebook account as their amazon account. If a criminal stole the user's facebook password, then the criminal could login and make purchases from the user's amazon account. Resolving such conflicts could be quite costly to both the user and the websites.
Everyone chooses words and phrases from the same dictionary
There are common words and phrases that appear in passwords. As suggested by this article, a criminal may only need to make 10,000 guesses before guessing your password. Of course, a criminal cannot try to login to your gmail account incorrectly more than a few times before your account becomes locked. However, if a criminal hacks into gmail's server and steals a hash of your password (such breaches are not uncommon among popular internet companies), then the criminal may only need to make 10,000 guesses to find out which password matches your hash.
Changing passwords regularly can be difficult
It is not uncommon for employers to require that you change your work password once a month. Such practices are good, but how can you effectively pick and memorize a new password every month. Naive techniques such as taking the month name followed by your favorite number may make it easy to memorize, but are extremely unsafe.
We consider a possible solution that will allow a user to create and memorize unique passwords. This solution uses what we refer to as a map.
What is a map?
A map consists of a set of keys, a set of values, and an assignment from keys to values. For example, you could take the keys to be the letters from A to G, the values to be the digits from 0 to 9, and the assignment to be:
In other words, the map assigns a digit to each alphabetic letter from A to G. Using this map, we can convert a word into a sequence of numbers. For example, the word "face" maps to 9046 and the word "bag" maps to 105.
What do maps have to do with passwords?
Imagine that you memorized a random map that assigns a digit to each of the twenty six letters of the alphabet. Then, we could use your map to try and solve the preceding problems.
Solution 1: Choose a different password for each website by mapping the website name to the corresponding number. For example, for one of my maps, I would assign gmail to 52041 and amazon to 020221.
Solution 2: If everyone memorized a random map and used this map to create their password, then the chances of two people having similar passwords would be quite low. That is, there would be more diversity in passwords making it more difficult for someone to guess your password given its hash.
Solution 3: The map provides a convenient means for regularly creating new passwords. For example, it was bad practice to take the current month and add you favorite number to the end of it. However, if we take the current month and map it to its corresponding number, then this could potentially be safer. For example, I would map november to 12962161.
Password Creation Schemas
Researchers on human computation are currently developing password creation schemas that are humanly usable and secure.
The primary goal of the memory project is to develop interactive tools to help users to memorize maps from letters to digits.
Memoryone.xyz - Website
Memoryone.xyz is a website that allows a user to train and test their memorization of a map from 26 characters each to one of ten digits. The website is designed for anyone wanting to test their memorization capabilities. Beyond entertainment, map based memorization has potential applications to online authentication.
The Memory Project - Android App
This app is designed to first train and then test the user to memorize matchings of alphabet letters to digits called mappings. The app has five main functions: creating mappings, training, testing, scoring, and help. The help section is used to clarify the individual training and testing activities, as well as overall app flow.
Update: These apps are no longer maintained.
Webpage made with the help of Build It (PKB).