The ‘big damn idea’, aka my future PhD stuff

After watching a couple of talks at the (so far) amazing and very safe feeling BSides Cheltenham, I think it’s time to talk about my big idea, or at least part of it.
First talk of the day left me a bit cold and spurred me on a bit, because I think the thing I’m about to propose is something that would help.
And in a nutshell:
If passwords are so hard to remember, why can’t we use a core tenet of CBT (i.e. attach something to positive emotions so you can process through that instead of what you’re fixating on at the time; yes, I’m paraphrasing) to have users set up completely contextual reminders with an image prompt?
The idea behind this is that, contextually, if I see a picture of a dragon, I can name a million of them (well, not really), or if I see a dog, there are various ways my mind can go. I can go games, I could associate with literature…or…anything really. It could be the name I couldn’t give my pet because someone couldn’t spell it (not as unlikely as it sounds – if I use Kaiberie on my documentation and I’m having someone write that down, it gets silly!).
So…that’s one of the big ideas I’m thinking about. And I wrote this, sitting in the networking event, at BSides, which is, quite honestly, an awesome thing. I’m too shy to go around and introduce myself, I did kinda joke about playing Twitter handle bingo, but instead I watched people, I hung out, and FINALLY started writing up my idea. Because it’s not as silly as I thought and it’s got some legs.
There’s more to it than this, of course, but…yeah…that’s where I’m going. If we have to find a toolless way to do passwords, could we train by association and positive impression – à la my CBT basics training to handle my mood?

And yes, this was the big idea I talked about many years ago to Jess Barker and Freakyclown. It’s just kinda stuck with me. And in a time when we’re saying passwords are an issue, hard to remember, and password managers aren’t something that people go ‘yes, I’ll do that’ for various reasons (or can’t because of internal policy on their machines), I personally think this might be a bit of the solution.

So. My next steps are to think about the practicality and see where that gets me. If you’re coming along for the ride, thank you.

