

Hard to crack and easy to remember password? Try a poem


Tibi Puiu
October 23, 2015 @ 7:21 am


“Please enter a strong password” is now a ubiquitous greeting whenever we try to register online. Security experts advise using long passwords, at least 12 characters in length, that include numbers, symbols, capital letters, and lower-case letters. Most websites nowadays force you to enter a password that meets some or all of these conditions. Moreover, the password shouldn’t contain dictionary words or combinations of dictionary words. Common substitutions like “h0use” instead of “house” are also not recommended: these naive attempts will fool no automated hacking algorithm. So what we end up with is a very strong password, like the website kindly asked (or forced) us to create. At the same time, it’s damn difficult, if not impossible, to remember. People end up endlessly hitting “recover password” or, far worse, writing down their passwords in email or other notes on their computer, which can easily be recovered by any novice hacker.

A group of information security experts has found a workaround to make passwords both strong and easy to remember: using randomly generated poems. Marjan Ghazvininejad and Kevin Knight of the University of Southern California were, oddly enough, inspired by an internet comic written by the now famous and always witty Randall Munroe of XKCD.

[Image: XKCD comic. Credit: XKCD]

The premise of the comic is that today’s passwords are easy for computers to guess and hard for humans to remember, which sounds rightfully ludicrous. Munroe proposed an alternative: four random common words, in this case “correct horse battery staple”, which sounds a lot more manageable. You could build a story around them, like Munroe did, or use a mnemonic technique like the memory palace to make things even easier. The catch, though, is not to pick the words off the top of your head. Instead, you use a computer to generate a large random number, which is then broken into four pieces, with each piece amounting to a code that corresponds to a word in the dictionary. In the first case, the unintelligible password, the information contained amounts to 28 bits. Munroe’s password is 44 bits, which is higher and thus better.

Ghazvininejad and Knight took this further. They analyzed several password generation techniques, including Munroe’s, and found that the safest and also the easiest-to-remember passwords are those made up of rhyming words. If you look back in history, this sounds like a no-brainer. In ancient times, society was mostly oral. A culture’s history, scientific knowledge and literature were all passed on to subsequent generations by word of mouth. Think of poems like Homer’s Odyssey or the Epic of Gilgamesh.

To create the poems, each of the 327,868 words in the dictionary is assigned a code. A random number is generated, broken into pieces, and then used to generate two phrases. Here are some examples:

“And many copycat supplies
offenders instrument surprise”

“The warnings nonetheless displayed
the legends undergo brocade”

“The homer ever celebrate
the Asia gator concentrate”

“Montero manages translates
the Dayton artist fluctuates”

“The market doesn’t escalate
or hiring purple tolerate”

“And Jenny licensed appetite
and civic fiscal oversight”

Some are pretty good, some are awful, but at least they’re hard to break. In their paper, the authors say these passwords could take up to 5 million years to crack. You can generate your own rhyming password using this online tool, but the authors caution you shouldn’t actually use them, since a potential hacker can download the whole list. Instead, enter your email here and an automated program will send you a rhyming password, which will be immediately deleted from the record thereafter.
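The word-coding step described above for Munroe's four-word scheme, which is also the starting point of the poem generator, as an added example that is not code from the article or from the paper's authors. The 2048-entry pseudo-word list and all function names are assumptions made for illustration; rhyme and meter selection is not implemented.

```python
import math
import secrets

# Constructed stand-in dictionary (assumption): 16 * 8 * 16 = 2048 distinct
# pseudo-words, so one word encodes exactly 11 bits. Use a real word list in practice.
ONSETS = list("bdfghjklmnprstvz")
VOWELS = ["a", "e", "i", "o", "u", "ai", "ou", "ee"]
CODAS = list("bdfgklmnprstvxz") + ["sh"]
WORDS = [o + v + c for o in ONSETS for v in VOWELS for c in CODAS]

def entropy_bits(dictionary_size, count):
    """Bits of entropy when `count` words are drawn uniformly and independently."""
    return count * math.log2(dictionary_size)

def number_to_words(number, words, count):
    """Break `number` into `count` pieces (base-len(words) digits), one word per piece."""
    size = len(words)
    if not 0 <= number < size ** count:
        raise ValueError("number out of range for this many words")
    digits = []
    for _ in range(count):
        number, digit = divmod(number, size)
        digits.append(digit)
    return [words[d] for d in reversed(digits)]  # most significant piece first

def words_to_number(chosen, words):
    """Inverse mapping: shows every passphrase corresponds to exactly one number."""
    index = {w: i for i, w in enumerate(words)}
    number = 0
    for w in chosen:
        number = number * len(words) + index[w]
    return number

def generate_passphrase(words=WORDS, count=4):
    # The OS CSPRNG makes the choice, not a person: words picked "off the top
    # of your head" are not uniform, and the entropy figure would not hold.
    number = secrets.randbelow(len(words) ** count)
    return number, number_to_words(number, words, count)

if __name__ == "__main__":
    number, phrase = generate_passphrase()
    print(" ".join(phrase), f"({entropy_bits(len(WORDS), 4):.0f} bits)")
    # Upper bound per word for the 327,868-word dictionary; rhyme and meter
    # constraints can only reduce the number of choices at each position.
    print(f"{entropy_bits(327868, 1):.1f} bits per uniformly chosen word")
```

With 2048 words, four pieces of 11 bits each give the 44 bits quoted for Munroe's scheme.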

Today, however, you’ll find little use for this trick. Most password policies require a number and/or special character. These passwords are also a bit too long for current policies. And if this system becomes common, automated hack methods can be made to guess these much faster, too. It’s really interesting, though, and a much more entertaining password than 2d1s0gus71ng!93.
