Internet Security’s Weakest Link: Human Memory

Ever since the so called Cognitive Revolution replaced behaviorism with cognitive science, in psychology, human memory and the human mind have been modeled as computer-like. But now, the internet security challenge brings forth what computer scientists call “human limitation with precise recall”. This refers to our inability to remember and recall with precision a variety of random character combinations that, as internet users, we need to keep safe our different accounts and corporate networks.

Yet, even though it contradicts everything we have learned about human memory in everyday life, such recall ability has been postulated by all Cognitive Science models of human memory. Moreover, they have, supposedly, been proven by laboratory experiments on nonsense groups of syllables and alike.

However, real people are striking back and the computer scientist is rediscovering human limitations in precise recall.

Limitation?

In applying cognition, we have a strong preference for creating, remembering, and manipulating meaningful symbols. This is actually our greatest strength and the engine of creative endeavors in science, arts, literature, music, etc. However, it is this strength of human minds that clashes with and is threatening Internet Security.

Internet users pick up meaningful words to be their passwords. Breaking a truly random 8-character password would take more than 13 years on average even for password-cracking programs that can test nearly 8 million combinations every second.

But majority of passwords are not made of random characters. Rather, they are meaningful words that can be easily remembered. Sometimes, they have a few numerical extensions, which do not complicate the hacker’s life to any significant extent.

Hacking

Hackers can crack most of the commonly used passwords in less than a minute. And once they discover passwords on one server, they frequently can access other servers. Having stolen digital keys to a large fraction of the accounts on the network, an intruder can wander about maintaining the facade of a legitimate user. This is why the password security threat is a serious problem.

“Passwords are one of the biggest security problems that corporate America has,” according to Chris Pick, associate vice president for product strategy at PentaSafe Security Technologies. And an interesting problem it is, for both the psychology of human memory and enforcing internet security.

Education solutions

General awareness among the computer using population is one of the keys to counteracting cyber threats, complemented by well trained cyber security professionals.

Hacked emails that affected the 2016 US presidential elections were obtained via phishing attacks that exploited human, and not technical, weaknesses. Simply impersonating official correspondence and tricking the target into clicking a link led to malicious code being installed. That’s the sort of problem that is fixable with better awareness by users.