Passwords can sit on hard disks for years: Typing your password or credit card number into a computer is a moment's work. But if you think your personal details disappear as soon as you hit the Return key, think again: they can sit on the computer's hard disk for years waiting for a hacker to rip them off. [...]
When you type in a password, it is stored in random access memory (RAM), where it is held temporarily until other data overwrites it or the computer is switched off.
But every so often, the computer copies the contents of its RAM onto hard disk, where it is easy prey for a hacker, who can read it directly or design a worm to email it back. The longer sensitive data stays in RAM, the more likely it is to be copied onto the disk, where it stays until it is overwritten - which might not happen for years.
Recognition keys access: Passwords are a problem. To be secure, a password must be non-obvious and changed often. Given the number of passwords the average person uses, and given the difficulty of keeping non-obvious and constantly changing passwords straight, it's not surprising that many people don't like them.
Researchers from Hebrew University in Israel are addressing the problem with a scheme that allows people to use a type of password that they don't have to consciously remember.
The scheme taps the way people learn through the instinctive imprinting process. When a person learns information via imprinting, he can recognize the information later but can't recall it in a way he can describe to someone else.
The scheme is fairly secure because it is truly random and cannot be stolen or shared voluntarily, said Scott Kirkpatrick, a professor of engineering and computer science at Hebrew University. "We don't know what we know."
Hacking Sparks Need for Complex Passwords: As more Web sites demand passwords, scammers are getting more clever about stealing them. Hence the need for such "passwords-plus" systems.
