Microsoft Turns To Inkblots For Password Generation
The image associations are not only unique to the user, they're also "hard to forget," the researchers said.
Microsoft thinks the fact that no two people look at an inkblot the same way can be used to help generate more secure computer passwords.
The company has set up a Web site that shows users a series of Rorschach-style inkblots -- of the sort used in psychological profiling -- and then asks them to write down the first and last letters of each word they associate with the pictures.
- Government Analytics: Set Goals, Drive Accountability and Improve Outcomes
- 2012 IBM Chief Information Security Officer Assessment
Ultimately, the users are asked to combine the letters into a password.
Microsoft hopes the approach will help overcome a major flaw inherent in systems that ask users to make up their own passwords: those that are difficult to crack are hard to remember, and those that are easy to remember are also easy for hackers to guess. "A century of psychological literature indicates that inkblot associations are intimately personal, and our own user studies verify that users almost always describe the same inkblots quite differently," Microsoft researchers note on the project's Web site -- inkblotpassword.com.
The image associations are not only unique to the user, they're also "hard to forget," the researchers said. "After typing her password several times, a user develops 'muscle memory' and can log in quickly without referring to the inkblot images," they said.
Given that many Internet users employ the same password to gain access to dozens of Web sites, for everything from banking and shopping to socializing, it's more important than ever that they create passwords that are at once highly secure and easy to remember.
"Nothing prevents a user from learning a strong password on Inkblotpassword.com and then reusing it at other sites," Microsoft's researchers said.
Microsoft said it may develop a commercial version of the system, but for now it's free to try online. The company advises would-be users that it's collecting and storing the word associations they come up with for research purposes, but says the data is made anonymous and isn't linked to individuals.