Maybe I’ve missed something, but why isn’t more work dedicated to understanding the link between passwords and memory? Given that we’re supposed to remember our passwords (as opposed to writing them down on Post-it notes and sticking them somewhere prominent) why don’t we look more closely at the process whereby we remember stuff — and forget it?
Danah of apophenia wrote recently about the somewhat lame password recovery system some websites use whereby “you have to choose three questions and answer them. The problem is that they are all “What is your favorite n” where n is restaurant, band, movie, song, actor, book, drink, food, place, past-time…” As she points out, favorites tend to change over time, and if they were stable, such information is likely to be available “all over the web on their profiles for dating and social network sites.”
One commenter says Bruce Schneier has written that such password recovery systems are less secure than your password, so advises against using them. Here’s the original link, I believe: Bruce concludes that “The result is the normal security protocol (passwords) falls back to a much less secure protocol (secret questions). And the security of the entire system suffers.”
This is all a roundabout way of writing about a recent experience: one password I have to enter is actually a four digit PIN as part of a SecurID token (one of those readouts that give a different number every few minutes). Four digits I’ve used since 2000, and yet, after two weeks off, I couldn’t remember. It was only when I stopped trying to remember, that I remembered, if you know what I mean. It’s not that I had forgotten the number, it’s that I could retrieve the number from my memory. (This is getting way to existential – Ed). The way I “remembered” the PIN was to stop thinking and just type it. My fingers, if you will, remembered it better than my memory did.
I haven’t looked hard, and perhaps there’s data on this kind of thing. But this kind of memory must be way more useful than favorite colors and books and all that kind of thing, which requires thought, which in turn is vulnerable to forgetfulness, or changing habits.