"Towards Reliable Storage of 56-bit Secrets in Human Memory", Bonneau & Schechter http://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-bonneau.pdf
> Challenging the conventional wisdom that users cannot remember
> cryptographically-strong secrets, we test the hypothesis that users can learn
> randomly-assigned 56-bit codes (encoded as either 6 words or 12 characters)
> through *spaced repetition*. We asked remote research participants to perform
> a distractor task that required logging into a website 90 times, over up to
> two weeks, with a password of their choosing. After they entered their chosen
> password correctly we displayed a short code (4 letters or 2 words, 18.8
> bits) that we required them to type. For subsequent logins we added an
> increasing delay prior to displaying the code, which participants could avoid
> by typing the code from memory. As participants learned, we added two more
> codes to comprise a 56.4-bit secret. Overall, 94% of participants eventually
> typed their entire secret from memory, learning it after a median of 36
> logins. The learning component of our system added a median delay of just 6.9
> s per login and a total of less than 12 minutes over an average of ten days.
> 88% were able to recall their codes exactly when asked at least three days
> later, with only 21% reporting having written their secret down. As one
> participant wrote with surprise, “the words are branded into my brain.”

--
gwern
http://www.gwern.net
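The arithmetic behind the abstract's figures, as an added example that is not part of the original post or the paper's code: each code is drawn uniformly from 26^4 values (18.8 bits), and three codes give 56.4 bits, whether shown as 12 letters or 6 words. The 676-entry word list and all function names are assumptions constructed here; the list size is chosen so that two words cover the same space as four letters.

```python
import math
import secrets
import string

LETTERS = string.ascii_lowercase
CODE_SPACE = len(LETTERS) ** 4      # values per code: 26**4 = 456,976
CODES_PER_SECRET = 3                # three codes make up the full secret

# Constructed stand-in word list (assumption, not the study's dictionary):
# 13 * 4 * 13 = 676 tokens, so two words span 676**2 == 26**4 values.
_CONS = "bdfgklmnprstv"
WORDS = [a + v + b for a in _CONS for v in "aeio" for b in _CONS]

def code_bits():
    """Entropy of one uniformly chosen code, in bits."""
    return math.log2(CODE_SPACE)

def new_secret():
    """Draw three independent codes; randbelow() avoids modulo bias."""
    return [secrets.randbelow(CODE_SPACE) for _ in range(CODES_PER_SECRET)]

def as_letters(code):
    """Encode one code as 4 lowercase letters (base 26, big-endian)."""
    out = []
    for _ in range(4):
        code, digit = divmod(code, len(LETTERS))
        out.append(LETTERS[digit])
    return "".join(reversed(out))

def as_words(code):
    """Encode the same code as 2 words from the 676-entry list."""
    hi, lo = divmod(code, len(WORDS))
    return WORDS[hi], WORDS[lo]

def from_letters(text):
    """Decode 4 letters back to the integer code."""
    value = 0
    for ch in text:
        value = value * len(LETTERS) + LETTERS.index(ch)
    return value

def from_words(pair):
    """Decode a 2-word pair back to the integer code."""
    return WORDS.index(pair[0]) * len(WORDS) + WORDS.index(pair[1])

if __name__ == "__main__":
    secret = new_secret()
    print(" ".join(as_letters(c) for c in secret))
    print(" ".join(w for c in secret for w in as_words(c)))
```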
