Human authentication to computer systems is problematic in many ways. There are aspects conserning the user’s ability to memorize arbitrary character-number -combinations as well as extraneous equipment which should be added to the system if other than password-based authentication methods were to be used (biometrics).
The method proposed in this paper is based on the combination of two things: first, the ability of the mind to memorize almost limitless amount of visual objects (once seen), and second, the strengthening effect of associating a phrase (a familiar little story) with the password which is about to form.
Goals to seek in VLAM
- transferrability of password. You could make your way through the world with that what is inside you, what you really know. Thus the password itself should not be prone to change. Of course it must be given a thought whether it is possible for the attacker to gain knowledge of those precise aspects that you are presenting in authenticating yourself.
- avoiding the upcoming attack techniques against passwords: timing attacks. These measure the time between your keypresses and thus gain a bit / some bits of information about the password. In VLAM, analogous attack might be possible by deep knowledge of the brain and how much time it takes to scan a matrix and find the picture, depending probably partially on where in the matrix the correct picture is and what are the characteristics of the false pictures (‘bright’, gaining the user’s attention, etc.)
Leave a Reply