Researchers ‘unlock’ the secret to remembering your password

Sick of forgetting your password? Researchers from Xi’an Jiaotong-Liverpool University have found a simple but effective solution, using an icon-based password system that plays on our natural ability to tell stories.

Developed by researchers Dr Hai-Ning Liang, Dr Charles Fleming and Ilesanmi Olade from the Department of Computer Science and Software Engineering at XJTLU, the system – coined SemanticLock – relies on a user creating their own unique story using predetermined icons to make a password, replacing traditional pin or pattern-based passwords.

Dr Fleming says if the new system, currently at prototype stage, is developed further, it could mean that forgetting your password could become a thing of the past.

“People are not programmed to memorise random digits or letters and this is why we have so much trouble remembering passwords,” he says.

“SemanticLock relies on a human’s ability to tell and remember stories. Users pick a set of icons to make a story and link them using two simple swipes on their screen, creating a unique story-based password that means something only to them.”

Co-researcher Dr Liang (pictured below) says their study revealed SemenaticLock passwords were much easier to remember than their pin or pattern-based counterparts.

“We thought people would find pictures and personal stories easier to recall but our study revealed just how much more effective they are in the context of a password,” he says.

“Study participants were asked to remember passwords they had been given the week before – while only 30 percent of participants could recall the pattern password and 50 percent could remember the pin password, 90 percent of participants remembered the SemanticLock password.

“We believe this is because people remember images and are naturally conditioned to retain stories that they can attach meaning to over numbers or patterns that have no significance to them.”

Dr Fleming (pictured below), whose research focuses on cybersecurity, says SemanticLock also enhances the strength of a password and helps protect users from hackers.

“In theory, traditional pin passwords offer millions of password possibilities, but in reality there are far less passwords actually in use because most people pick something that is easy to remember, such as a date,” he says.

“As well as significantly reducing the number of password options available, choosing a number with some meaning or pattern attached to it compromises the password’s security. Passwords based on dates or similarly significant numbers are far more susceptible to hackers.

“A hacker just needs to know something about you – your age, for example – and suddenly there is only a very small set of passwords they have to try before they can access your private information.

“This is what makes SemanticLock more secure – as it is based on a user’s personal narrative, there is no information or data a hacker can use to narrow down or predict the password.”

According to Dr Liang, an expert on usability in technology, SemanticLock passwords are not only safer and easier to remember, they have the added benefit of providing a better user experience.

“SemanticLock is faster than a pin password and easier to use on the go,” he says.

“We took the study outside a controlled lab environment and tested out how the system works in everyday scenarios.

“People aren’t just sitting a room at a desk when they use their phone – they’re out on the street, juggling a shopping bag or a hot tea, and trying to unlock their phone while keeping an eye on where they are walking.

“In these scenarios, we found that SemanticLock was easier to use than a pin password in terms of time and errors.”

Olade, who is investigating new methods of authentication for mobile devices, says he hopes that in the future, there might be an opportunity to commercialise the prototype.

“Our aim is to conduct research that benefits society and that has the potential to be of commercial value,” he says.

“We are open to further studies with the intention of developing SemanticLock so that the system can be made available to consumers.”

SemanticLock has already attracted attention internationally with popular tech site ZDnet writing an article on the new system last month.

By Rosanna Galvin, photos by Yuanyuan Du