a bad habit for good readers

stoneslidecorrective.com

Frontiers of Knowledge

Researchers Use Deep Human Emotion to Enhance Identity Security Online

 Any chain is only as strong as its weakest link. In the case of the online security systems that guard so much—from your bank account to your email—that weak link is the so-called security question, the bit of personal information used to verify that you really are who you say you are. Now hackers and other malefactors have found ways to mine your social networks for information about you and use it to answer your security questions, reset your passwords, and take over your online life.

If two researchers from Wye Sprite University have their way, you will soon be seeing a new sort of security question that they say improves overall security by 2,400%. Here are a few sample questions:

  • What name did your mother call you when she was very, very angry?

  • Who gave you your first toke of weed?

  • Which boyfriend/girlfriend first told you that you were a disappointment?

  • What sexual fantasy do people always laugh at when you describe it?

  • Deep in your heart, which racial or ethnic group do you feel an instinctive animus for?

  • What name do you call your private parts?

  • Who do you most regret fucking/having fucked?

 

“The challenge of any security system that requires human interaction,” says Walt Hynmin, a professor of computer science and co-inventor of the new system, “is to balance what I call single-knowability—the ideal being something that can only be known by a single individual—with persistence of recall—meaning the user will not fail to be able to enter the key at the moment prompted. “

The fulcrum for the new method is shame. Explains co-developer and psychology professor Anna Chull, it’s in the nature of shame to be almost ineradicable from our memory and yet completely private. “Say you once rubbed a dog’s penis to see if it would get erect,” says Chull. “And say you kind of liked it. You’re not going to tweet about that. No. But you won’t forget it. It’s a perfect, entirely personalized security key.”

Initial tests back up this claim. In a series of lab-based experiments and in a limited deployment of the system in partnership with Black Acres Credit Union, calls to a help line to reset passwords declined to near zero. Among the credit union customers, successful identity theft attacks dropped 70% compared to a control group.

“The real breakthrough here is that we have developed a systematic way to access your most shameful memories and turn them into consistently repeatable security keys,” adds Hynmin.

This innovation builds on decades of psychological research aimed at defining shame, in the process differentiating it from similar emotions like guilt, and investigating its links to trauma, personality disorders, and depression. Hynmin and Chull drew on established tools such as the Guilt and Shame Proneness Scale developed by Taya R. Cohen (Carnegie Mellon University), Scott T. Wolf (Harris Interactive, New York), A.T. Panter (University of North Carolina at Chapel Hill), and Chester A. Insko (University of North Carolina at Chapel Hill); as well as the Experience of Shame Scale authored by Bernice Andrews (Royal Holloway, University of London).

“For us, the question was not, what does shame do to people? but, what can we do with shame?” says Chull.

Combining the known research with the answers to tens of thousands of questionnaires, Hynmin and Chull crafted a library of questions that are maximally likely to elicit deeply shameful memories. They further use predictive analytics to narrow the questions offered to each customer to those most likely to be effective for that individual. They consult with any business interested in implementing the system to customize it based on what data the firm holds on its customers.

Hynmin and Chull claim that shame is a universal phenomenon and can be used successfully by any sort of business in any cultural context.

But doesn’t a business take a risk if it literally shames its customers? “Some people have an aversion to these memories,” says Chull. “That’s why we design our user interface to be very calming.”

“Pictures of kittens,” adds Hynmin.

“Exactly. And lovely music. Any time we’ve used Rachmaninoff’s opus 38, number 3, ‘Daisies,’ for solo piano, it’s been a great success. That song seems to bring with itself a sense of calmness and contentment that, when mixed with the shame, produces a strong cocktail of serenity. But we also use Beethoven, Mozart, Joss Stone, many others. You may find you enjoy the questions if you approach it with an open mind.”

Whatever happens with their venture, Hynmin and Chull say they love their work. “People are ashamed of the strangest things,” says Hynmin.

“Yes,” says Chull. “It can be quite amusing to see the responses come in. One person has a recurring dream of eating feces with barbecue tongs. The next can’t stop fantasizing about his cousin after having seen her rub oil on her backside.”

“It’s kind of fun to boot up the system and just see what’s out there. It’s a crazy world.”

“This is our point,” Chull says. “People are looking for a technological answer to these problems, like so many others, and all technological answers cost a lot of money and are very rigid. Meanwhile, the real answer is in the human mind—the greatest technology of all.”


Want to read more? Sign up for Stoneslide emails.

Share this Story

The Stoneslide Corrective is dead. Long live The Stoneslide.

 

Stoneslide has been reborn. We’ve shaken the dark ash off of our feathers, and we are resplendent once again. But we’re now at thestoneslide.com. This site will remain as an archive of The Stoneslide Corrective.

Thank you for reading. Check out the new plumage at thestoneslide.com.

×