How to Make Passwords That Cannot Be Compromised by Torture or Coercion

Interesting security research:

The system is simple in concept. Wolotsky and co’s idea is to use the body’s stress levels to determine whether they are being coerced in any way. And they do this by measuring the individual’s response to “chill” music they previously identified as relaxing.

Chill music is so-called because it provokes a shiver down the spine, a response that is similar to being cold. It is the physiological effects of this shiver that Wolotsky and co set out to measure by monitoring heartbeat and brain-wave patterns.

Their hypothesis is that these signals are impossible to fake and only possible to measure when the subject is relaxed. Any duress would result in a different signal.

To find out whether this is the case, the team asked five test subjects to choose their favorite piece of chill music and then monitored their heartbeat and brain waves while they listened.


They voiced my first thought near the end of the article:

But urgent access to this kind of information might only be necessary in times of high stress, and this could invalidate the test. The thought of somebody trying to access the launch codes as World War III unfolds, but having to chill out beforehand, has something of a black comedy about it.

As for the launch codes (in the context of “weapons of mass destruction”, a disgusting euphemism for “genocide sponsored by a bully who’s strong enough to get away with it”), I hope they do implement something like this. Or at least Fisher’s idea with the butcher knife. I get so angry whenever somebody complains a president wouldn’t be able to launch the nukes when they “had to” – like it’s ever a good thing to go on a murder spree :pouting_cat:


Here’s an idea: why not get @divine to make it so that you have to create a secondary pin when creating a safe network logon that, when entered, scrubs all your data? :slight_smile:

So when you’re under duress you can reveal your second pin, which would effectively delete all your data. I understand this may not be feasible given how data is structured and stored.

He did suggest a second pin that has some ordinary files in it, looks legit and works as if it were your account. So if needed you just use the secondary pin and the thieves and/or authorities will not see your real account with all that whistleblower stuff in it.
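Added example, not part of the thread and not the network's own code: a sketch of the decoy-PIN variant described above, where both PINs go through the same key derivation and the stored record carries no marker of which slot is the real account. The names `enroll` and `unlock`, the record layout and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor, an assumed value for this sketch

def _derive(pin: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a PIN, then split it into a slot tag (stored) and a vault key (never stored)."""
    master = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    tag = hmac.new(master, b"slot-tag", hashlib.sha256).digest()
    key = hmac.new(master, b"vault-key", hashlib.sha256).digest()
    return tag, key

def enroll(real_pin: str, decoy_pin: str) -> dict:
    """Build the stored record: one shared salt and two tags in sorted order."""
    if real_pin == decoy_pin:
        raise ValueError("the two PINs must differ")
    salt = os.urandom(16)
    tags = [_derive(pin, salt)[0] for pin in (real_pin, decoy_pin)]
    # Sorting removes enrollment order, so position does not mark the decoy.
    return {"salt": salt, "slots": sorted(tags)}

def unlock(record: dict, pin: str) -> Optional[bytes]:
    """Return the vault key for a matching PIN, or None for a wrong PIN."""
    tag, key = _derive(pin, record["salt"])
    matched = False
    # Compare against every slot in constant time, with no early exit, so the
    # real and decoy PINs take the same code path and the same amount of work.
    for slot in record["slots"]:
        matched |= hmac.compare_digest(slot, tag)
    # The caller decrypts whichever vault this key opens; the login code
    # itself never learns which of the two vaults is the decoy.
    return key if matched else None

if __name__ == "__main__":
    record = enroll("4821", "7355")  # constructed sample PINs
    print(unlock(record, "4821") != unlock(record, "7355"))  # distinct vault keys
    print(unlock(record, "0000"))  # wrong PIN
```

Short numeric PINs remain guessable offline whatever the work factor, and two equal-sized slots still show that a second PIN exists; the record only hides which one is which.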


So when I am already late for that dream job interview and the “dog” chewed the doco I need to take to the interview, the logon sequence is going to stop me getting the doco reprinted also. For some in a slightly stressed state, the idea that a logon requires calmness only increases stress. It’s so significant that there are medical terms for it and it has to be accounted for when doctors do certain tests.


Not to mention it kind of rules out an entire class of people: those who are addicted to amphetamines.