2bStealthy

07/19/03 8:23 AM

#54 RE: TonyMcFadden #53

MSFT and a new password scheme?

http://research.microsoft.com/displayArticle.aspx?id=417

Is It Just My Imagination?

by Suzanne Ross

Are inkblots meaningless smears of ink, or the secret key to your personality? Though most psychologists no longer use inkblots to determine the twists and turns of your psyche, sometimes they pay attention to the stories you tell yourself about the blobs.

Adam Stubblefield, an intern with Microsoft Research, thought that our ability to tell ourselves unique stories about inkblots might be a secret key to a strong digital lock - the online password.

Stubblefield, and his manager at MSR, Dan Simon, knew that people are the weakest link in secure computing environments. They knew that users generally pick weak passwords because they can remember them. They tend to use birthdays, pets' names, spouse's names or birthdays, or a favorite hobby. If a computer system forces us to pick a strong password, we often write it on a post-it note and stick it to the side of our computer, where it can be read and used by any passerby.

Give Me A Hint
"Good passwords are hard to remember. And easy to remember passwords are easy for other people to guess. What we wanted to do is give people a hint to help them remember a good password," said Simon.

They needed a hint that would mean something to the user, but not to anyone else. They wanted to use some type of image-based authentication. But there were problems. Most of the methods had what they considered to be a fatal flaw.

"All used a pointing device rather than a keyboard for input," explained Stubblefield. "This limited the rate at which the password could be entered, and exposed the password to anyone looking over the user's shoulder. We realized that a better scheme would provide some way for users to somehow construct a private textual entry from an image displayed on their monitor."

What Do You See?
Stubblefield used his imagination to come up with a solution. "I realized that a child accomplishes a very similar task when he points at an oddly shaped cloud and announces that there is a moose in the sky. There are not, unfortunately, huge amounts of published data on this cloud naming phenomenon." But there are volumes of information on the Rorschach Inkblot test. They decided to use inkblots to help users remember their passwords.

Sound too odd to be true? Even Simon was a bit skeptical at first. "I thought people wouldn't remember what they had seen in the blots. My first reaction was, 'oh, come on,' but it turned out well."

Stubblefield said the users had a similar initial reaction. "When we first explained the task to the users in the studies, the users were almost uniformly incredulous. Even after using the inkblot passwords, they were amazed that such an unconventional scheme actually works."

Computer Generated Inkblots
To make the system work, they developed a program that can generate an infinite amount of random inkblots.

"We show you a bunch of computer generated inkblots," said Simon. "We ask you to look at the inkblot, see whatever you see in the inkblot, and type a short abbreviation of what you see. The first and last letter works well. We do that for a sequence of inkblots. At the end of all that we take you through it a few more times, but we scramble it in a random order first to make sure you haven't just typed in whatever you wanted to and ignored the inkblots altogether. We run it a few more times to make sure you have it in your memory, and thereafter whenever you try and log in we'll give you that second order of your inkblots. Eventually you'll just commit it to muscle memory and you'll learn it. And the inkblots will trigger the same memory."

Stubblefield and Simon found out that once we've identified the inkblot we see it the same way every time. And even though people sometimes see similar things in inkblots, they describe it in different ways. For instance, almost all the users in their study identified the inkblot below as some type of flying person. But the users described their flying person differently, such as 'evil flying henchman' or 'flying gardener.' (Except one person who thought it was a man at a football game in Minnesota wearing a mascot moose hat and ear muffs - but writers are not your average user):

"We did a study of 25 people and it worked very well. Twenty out of 25 people remembered their password the next day. That's with a very strong password, with ten images. Something like 50 to 80 bit passwords, which is much stronger than your typical password. Eighteen out of 25 people remembered the entire password a week later. That's very unusual. Moreover, everybody who did not remember the passwords remembered nine out of ten of their images. So if you weaken the password slightly, you could have 100% recall of the password," said Simon.

"Basically, you're typing in twenty characters by looking at ten inkblots. The idea is that eventually you just type in the twenty characters, because by the umpteenth time you've logged in, you've remembered these twenty characters," said Simon.

"Many of the users said that, if given the choice, they would use the inkblot passwords in their production environments," said Stubblefield.

Inkblots not only help users create a strong password, but people also seem to enjoy using them. Occasionally a user might look at an inkblot and see nothing. "That's easy to deal with, because you can just have them press the return key and go on to the next inkblot," said Simon.

Take the Test
Take your own inkblot test - what do you see in these blobs?

Here's how you would form a password from the blots. Write down exactly what you saw under each blot. You don't have to tell anyone. It'll be your secret.

Take the first letter from the first word and the last letter from the last word in the first blot. That forms your first two password letters. If you described the first blob as a 'flying gardener,' your first two letters would be fr. Continue doing this with all of the inkblots. You'll end up with a strong twenty-letter password.

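An added example, not from the article or from MSR's prototype: a Python sketch of the enrollment flow the article describes (a two-letter code per blot from the first letter of the first word and the last letter of the last word, a scrambled confirmation order, and an empty code when the user saw nothing). The function names, the dictionary layout and the PBKDF2 storage of the resulting password are my assumptions.

```python
import hashlib
import re
import secrets
from dataclasses import dataclass


def abbreviate(description: str) -> str:
    """Two-letter code for one blot: first letter of the first word plus last
    letter of the last word ('flying gardener' -> 'fr'). An empty description,
    i.e. the user saw nothing and just pressed return, contributes nothing."""
    words = re.findall(r"[a-z]+", description.lower())
    if not words:
        return ""
    return words[0][0] + words[-1][-1]


@dataclass
class InkblotCredential:
    blot_ids: list   # scrambled blot order shown at every later login
    salt: bytes
    pw_hash: bytes


def _hash(password: str, salt: bytes) -> bytes:
    # Hypothetical storage choice; the article does not say how MSR stored it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(descriptions: dict, rng=None):
    """descriptions maps blot id -> what the user saw, in first-viewing order.
    Returns the stored credential plus the per-blot codes, which are needed
    only for the confirmation rounds and should be discarded afterwards."""
    if rng is None:
        rng = secrets.SystemRandom()
    codes = {bid: abbreviate(text) for bid, text in descriptions.items()}
    order = list(descriptions)
    rng.shuffle(order)            # the "second order" the article mentions
    password = "".join(codes[bid] for bid in order)
    salt = secrets.token_bytes(16)
    return InkblotCredential(order, salt, _hash(password, salt)), codes


def confirm_round(codes: dict, cred: InkblotCredential, typed: list) -> bool:
    """One confirmation pass: blots are shown in the scrambled order and the
    user types a code per blot. Every code must match its own blot, which
    catches a user who typed a fixed string and ignored the blots."""
    return typed == [codes[bid] for bid in cred.blot_ids]


def verify_login(cred: InkblotCredential, typed_password: str) -> bool:
    """Later logins: the user sees the scrambled blots and types the whole string."""
    return secrets.compare_digest(_hash(typed_password, cred.salt), cred.pw_hash)
```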