Why we shouldn't know our own passwords

Developing unknowable passwords is an active area of security research. In 2012, a team from Stanford University, Northwestern University and the SRI research center developed a scheme for using a computer game similar to “Guitar Hero” to train the subconscious brain to learn a series of keystrokes. When a musician memorizes how to play a piece of music, she doesn’t need to think about each note or sequence. It becomes an ingrained, trained reaction usable as a password but nearly impossible even for the musician to spell out note by note, or for the user to disclose letter by letter.

In addition, the system is designed so that even if the password is discovered, the attacker is unable to enter the keystrokes with the same fluidity as the trained user. The combination of keystrokes and ease of performance uniquely ties the password to the user, while freeing the user from having to remember anything consciously.

Unfortunately, in our border travel scenario, the agent could demand that the traveler unlock the device or application using the subconscious password.

A team at California State Polytechnic University, Pomona, proposed a different solution in 2016. Their solution, called Chill-Pass, measures an individual’s unique brain chemistry response while listening to her choice of relaxing music. This biometric reaction becomes part of the user’s log-in process. If a user is under duress, she will be unable to relax enough to match her previously measured “chill” state, and the log-in will fail.