“The problem with passwords is that they are easy to breach,” says Ram Pemmaraju, the CTO of security company StrikeForce Technologies. The tools for cracking them, such as malware, are easy to come by. New processors and open-source software can break an encrypted password in days, if not hours or minutes. Take a seven-character password with upper- and lowercase letters, numbers, and symbols. Five to 10 years ago, the average computer would have needed more than 1,000 years to guess it. Today’s home computers can do it in about a month. Because of this increasing computer power, some experts recommend 20- to 30-character passwords. But human laziness is also a huge problem. Who wants to remember a 30-character password? One recent study found that 5 percent of passwords are some variation of “password.”
Hristo Bojinov wants you to forget your password. More precisely, he wants you to never really know it in the first place. Bojinov, a computer scientist at Stanford, and his colleagues have developed a computer program that can implant passwords in a person’s subconscious mind--and retrieve them subconsciously too. The technique could make it impossible for, say, a high-security government agent to reveal his password; the agent wouldn’t actually know the secret code. Eventually, the use of subconscious passwords could even trickle down to the rest of us. And considering the precarious state of password protection, that probably can’t happen soon enough.