In order to gain access to applications or other resources via a computer or another device, users are often required to authenticate themselves by entering authentication information, such as a password. Explicit memory forms the basis of most existing knowledge-based authentication systems. Typically, existing knowledge-based authentication systems require the user to explicitly recall a secret, such as a password or a personal identification number (PIN). Most alternative systems, such as graphical password systems and preference-based authentication systems, require users to enroll by committing a secret to memory or presenting some personal secret, and then the user is authenticated by recalling or recognizing the previously enrolled secret. All of these systems are explicit in the sense that the user is consciously attempting to recall or recognize the authentication secret.
Authentication schemes based upon explicit memory suffer from a tension between security and usability. This weakness leads to forgotten passwords (particularly for web sites that are infrequently visited) or to familiar breaches of security, such as writing passwords down, using information that is easily guessed or remembered, or reusing passwords for multiple web sites. Increasing the length or randomness of secrets further increases the cognitive burden on the user. Life-history and preference questions avoid some of these pitfalls, but can be subject to low entropy (i.e., a small answer space), multiple possible answers, data-mining, or changing over time.
Implicit memory, on the other hand, unconsciously influences or controls people's actions even when they are not attempting to retrieve the memory in question. Motor skills are one notable type of implicit memory. Habituated physical actions, such as riding a bike, do not require explicit mental effort. Cognitive studies have shown that explicit and implicit memories have different biological mechanisms. Patients with brain damage that causes poor performance on explicit memory tests may still perform well on motor and other implicit memory tasks. See, for example, D. L. Schacter et al., “Implicit Memory: A Selective Review,” Annual Review of Neuroscience, 16:159-82 (1993), incorporated by reference herein.
One particular kind of implicit memory, referred to as priming, involves exposing a user to a particular set of stimuli in order to observe its effects in later testing. In short-term priming, a user unconsciously completes open-ended tasks with a bias towards recently viewed stimuli. Certain priming effects, however, have been shown to persist for weeks, months, and even years. See, for example, C. B. Cave, “Very Long-Lasting Priming in Picture Naming,” Psychological Science, 8:322-5 (1997); or D. B. Mitchell, “Nonconscious Priming After 17 Years: Invulnerable Implicit Memory?,” Psychological Science, 17:925-9 (November 2006), each incorporated by reference herein.
A need exists for improved user authentication systems based on implicit user memory, such as priming.