

Hard to crack and easy to remember password? Try a poem


Tibi Puiu
October 23, 2015 @ 7:21 am


“Please enter a strong password” is now a ubiquitous greeting whenever we try to register online. Security experts advise that we use long passwords, at least 12 characters in length, which should include numbers, symbols, capital letters, and lower-case letters. Most websites nowadays force you to enter a password that meets some or all of these conditions. Moreover, the password shouldn’t contain dictionary words or combinations of dictionary words. Common substitutions like “h0use” instead of “house” are also not recommended – these naive attempts will fool no automated hacking algorithm. So, what we end up with is a very strong password, like the website kindly asked (or forced) us to create. At the same time, it’s damn difficult if not impossible to remember. People end up endlessly hitting “recover password” or, far worse, writing down their passwords in email or other notes on their computer, which can easily be recovered by any novice hacker.

A group of information security experts have found a workaround to make passwords both strong and easy to remember: using randomly generated poems. Marjan Ghazvininejad and Kevin Knight of the University of Southern California were, oddly enough, inspired by an internet comic written by the now famous and always witty Randall Munroe of xkcd.

[Image credit: XKCD]

The premise of the comic is that today’s passwords are easy for computers to guess and hard for humans to remember, which sounds rightfully ludicrous. Munroe proposed an alternative: four random common words, in this case “correct horse battery staple”, which sounds a lot more manageable. You could build a story around them, like Munroe did, or use a mnemonic technique like the memory palace to make things even easier. The catch, though, is that you don’t pick the words off the top of your head. Instead, you use a computer to generate a large random number, which is then broken into four pieces, each piece being a code that corresponds to a word in the dictionary. The unintelligible password from the first case contains 28 bits of information. Munroe’s password contains 44 bits, which is higher and thus better.

Ghazvininejad and Knight took this further. They analyzed several password generation techniques, including Munroe’s, and found that the safest and also the easiest-to-remember passwords are those made up of rhyming words. If you look back in history, this sounds like a no-brainer. In ancient times, society was mostly oral. A culture’s history, scientific knowledge and literature were all passed on to subsequent generations by word of mouth. Think of poems like Homer’s Odyssey or the Epic of Gilgamesh.

To create the poems, each of the 327,868 words found in the dictionary is assigned a code. A random number is generated, broken into pieces, and then used to generate two phrases. Here are some examples:

“And many copycat supplies
offenders instrument surprise”

“The warnings nonetheless displayed
the legends undergo brocade”

“The homer ever celebrate
the Asia gator concentrate”

“Montero manages translates
the Dayton artist fluctuates”

“The market doesn’t escalate
or hiring purple tolerate”

“And Jenny licensed appetite
and civic fiscal oversight”
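As an added illustration (not code from this article or from Ghazvininejad and Knight's paper), here is the step both Munroe's four-word scheme and the poem generator rely on: draw one random number, break it into pieces, and treat each piece as the code of a dictionary word. The 2048-entry `WORDS` list is a constructed stand-in dictionary and all function names are hypothetical; with 2048 words each piece carries 11 bits, so four pieces give the 44 bits mentioned above. The rhyme and meter constraints of the poems are not modelled.

```python
import math
import secrets
from itertools import product

# Constructed stand-in dictionary (not a real word list): 2048 distinct
# pseudo-words, so each word carries log2(2048) = 11 bits.
_ONSETS = ["b", "d", "f", "g", "k", "l", "m", "n",
           "p", "r", "s", "t", "v", "z", "ch", "sh"]
_VOWELS = "aeio"
WORDS = [a + b + c + d for a, b, c, d in
         product(_ONSETS, _VOWELS, _ONSETS[:8], _VOWELS)]


def split_codes(number, base, pieces):
    """Break one integer into `pieces` codes in range(base), most significant first."""
    if not 0 <= number < base ** pieces:
        raise ValueError("number out of range for this dictionary and length")
    codes = []
    for _ in range(pieces):
        number, code = divmod(number, base)
        codes.append(code)
    return codes[::-1]


def words_from_number(number, words=WORDS, pieces=4):
    """Map each code to the dictionary word that was assigned that code."""
    return [words[c] for c in split_codes(number, len(words), pieces)]


def number_from_words(phrase, words=WORDS):
    """Inverse mapping: every phrase corresponds to exactly one number."""
    index = {w: i for i, w in enumerate(words)}
    number = 0
    for w in phrase:
        number = number * len(words) + index[w]
    return number


def entropy_bits(dictionary_size, pieces):
    """Bits of information when every code is drawn uniformly at random."""
    return pieces * math.log2(dictionary_size)


def generate(words=WORDS, pieces=4):
    """Draw the number from the OS CSPRNG; the user never chooses the words."""
    number = secrets.randbelow(len(words) ** pieces)
    return words_from_number(number, words, pieces)
```

The bit count only holds because `generate()` takes the number from `secrets`; words a person picks by hand are not uniformly distributed and carry less information than `entropy_bits` reports.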

Some are pretty good, some are awful, but at least they’re hard to break. In their paper, the authors say these passwords could take up to 5 million years to crack. You can generate your own rhyming password using this online tool, but the authors caution that you shouldn’t actually use those, since a potential hacker can download the whole list. Instead, enter your email here and an automated program will send you a rhyming password, which will be immediately deleted from the record thereafter.

Today, however, you’ll find little use for this trick. Most password policies require a number and/or special character. These passwords are also a bit too long for current policies. And if this system becomes common, automated hacking methods can be adapted to guess these much faster, too. It’s really interesting though, and a much more entertaining password than 2d1s0gus71ng!93.
