6

I am talking about something-you-know identification factor. Examples of those formats are passwords, passphrases, pin-s, picture passwords ( Link ).

I am talking about the actual entropy that users need to remember, so "mothers maiden name" is weaker than random string of characters. About http://xkcd.com/936 : if there are 10k common words, then there are (10k pick 4) possibilities, so it's not significantly more entropy than an 8-character password over all 95 ASCII chars (95^8), once the method gets popular.

My question is based on the assumption that different formats of same information (sound, image, text, song, etc.) are not equally easy to remember.

So, what is the best format in easy-to-remember / entropy tradeoff? I'd be glad if you could link some relevant research too.

EDIT: I don't want to restrict the question to only text-based passwords, but rather include all human senses and computer input methods.

Glorfindel
  • 2,263
  • 6
  • 19
  • 30
f1578740
  • 69
  • 2
  • 2
    Interesting read in this regard: https://en.wikipedia.org/wiki/Memory_sport#Techniques – Philipp Jul 27 '15 at 14:02
  • 4
    Hi @f1578740, welcome to the site! We certainly love discussing passwords and entropy here at security.SE, but the core of your question (What's the most complex thing we can easily remember?) is a psychology / neuro question, which makes it off-topic for this site. With a little re-wording I think it could get some good answers on [cogsci.stackexchange.com](https://cogsci.stackexchange.com) – Mike Ounsworth Jul 27 '15 at 14:44
  • 1
    It depends on the human. Someone may have no trouble in remembering words, while another may remember easily images, smells, sounds. You might unerringly remember a formula like *perfluorooctanesulfonic.nitrolysis.of.hexamethylenetetramine*; I could use 33+0/6 as a shorthand for "Virgin.humble.term.You.ennobled.not". – LSerni Jul 27 '15 at 15:22
  • possible duplicate of [What is your way to create good passwords that can actually be remembered?](http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered) – Xander Jul 27 '15 at 15:32
  • no, not duplicate: I don't want to restrict the question to only text-based passwords, but rather consider all human senses and computer input methods – f1578740 Jul 27 '15 at 15:51
  • I agree with Mile Ounsworth this is a pretty good question for https://cogsci.stackexchange.com/.(↵ missing return included here)But at the same time this is also an opening door to other techniques to improve **revocable** and **secret** info we will have to use comfortably for authentication in the near future. Because token may fail, and fingers cant't stay a whole life hidden in pockets. – dan Jul 27 '15 at 16:45

0 Answers0