Usually, when I forget a password, I try to figure out what I would likely have come up with for the password, given my knowledge of myself. But it is amazing how often I fail to discover what I initially came up with. Based on some relatively recent work on implicit memory training, perhaps what I should be doing instead is training myself on an implicit memory procedure so that if I forget my password, I will at least be highly likely to guess it later on in response to the right cue.
Researchers have known about implicit memory for nearly half a century. In their seminal work, Warrington and Weiskrantz (1968; 1970) demonstrated that amnesic patients could use previously-presented information to identify a whole from partial information, such as a picture from a picture fragment or a word from a word fragment, despite being unable to consciously recollect the prior experience in which that “primed” information was presented. This is implicit memory.
Rehabilitation efforts can actually capitalize on the ability of amnesic patients to show implicit memory. In his book, “Searching for Memory”, Schacter describes an amnesic patient, Barbara, who through an implicit memory training procedure learned job skills (despite that she was incapable of consciously recollecting any of the job training episodes themselves). Schacter and his colleagues used a “vanishing cue” procedure, whereby the amnesic patient required less and less cue information on each repeated trial to come up with the answer to the question. With an amnesic patient, it isn’t that the person is consciously recalling a past experience in which the answer was provided. Instead, the person simply has a high probability of correctly guessing the target answer in response to the question, thanks to the training in which that answer was “primed” so to speak. Later, the correct answer just pops into mind when presented with the right cue.
So, can an implicit memory training procedure like that be used to circumvent everyday memory retrieval failures like failing to consciously retrieve a password?
In their article, “Exploring Implicit Memory for Painless Password Recovery,” Denning, Bowers, van Dijk, and Juels (2011) examined the feasibility of an implicit-memory-based authentication system. In it, a person would first be familiarized with a set of images during training. Later, the person would have to identify degraded images. Authentication in this system is based on whether priming is shown, as a person who has been trained on the pre-specified set of images should show evidence of this training by identifying more degraded images that had been previously familiarized than images that had not. A person who had not been trained would not show this priming effect, instead identifying a comparable number of images in both categories. So, this differs from the common method of trying to consciously retrieve a known secret password. Here, the secret itself lies in the set of trained images.
More recently, Bojinov, Sanchez, Reber, Boneh & Lincoln took the implicit-memory-based authentication system idea a step further. They used a computer game to train people on an implicit learning task. As the person played the game, his or her brain would extract a pattern. The player would not be consciously aware of this pattern, but could unknowingly or automatically re-create that pattern in response to the right cues later on. The training game can be found here: http://brainauth.com/testdrive/, and more on this research can be found in these outlets: Scientific American, NBC, Popular Science, Phys.org, Businessweek.
The researchers argue that this method can be used to authenticate in high security situations, and to prevent “rubber hose” attacks (attempts at using coercion or force to gain access to information).
Years ago, as I toured the Alzheimer’s unit at Baycrest in Toronto, I noticed that there were memory boxes outside of each patient’s room. Their purpose was to use personally-relevant cues to help memory-impaired patients find their rooms, or to assist in wayfinding.
Maybe accessing a password from memory should be viewed as similar to wayfinding. Through a combination of priming from prior training and having the right set of cues available, perhaps we can illuminate a path to our password (or other buried information) without relying on conscious memory for having created it.