Researchers claim to have found the perfect way of creating a memorable and secure password.
When people pick passwords, they tend to choose real words that can be easily guessed by a computer. It would be much better to choose a long string of different characters, but those are often forgotten.
As a rule, the easier a password is to remember, the easier it is to guess. A password like 12345, for instance, is still easily one of the most popular and won’t be forgotten any time soon, but it also won’t be much use for keeping people out of your computer.
Security experts therefore recommend that users automatically generate or choose an unusual word, which couldn’t be guessed by computers that automatically enter passwords in an attempt to get through logins.
But new research claims to have created a method of generating passwords that makes them incredibly difficult to guess but at the same time easy to remember — poetry.
In a new paper, Marjan Ghazvininejad and Kevin Knight argue that generating passwords that have a metrical rhythm and rhyming words will allow people to commit them to memory — even if they are randomly generated and nonsensical.
The researchers referenced an image created as part of XKCD, the popular online comic series. In it, author Randall Munroe points out that while people tend to choose strange words for passwords, it would actually be much more secure to pick a longer string of random words, like “correct horse battery staple”.
Those four words are chosen with a random number generator: each generated number corresponds to a word in the dictionary, and that word goes into the password. That makes them very hard to guess, since a computer would have to try billions of combinations.
But putting the words together also makes them easier to remember. Users can tell a story in their head that involves each of the four words, and then use that story to remember their own password.
The researchers used a similar method, but chose poetry instead of a randomly generated story. They used the same random number method for picking words in the dictionary, but told the computer to ensure that the words rhyme and are in iambic tetrameter.
That generated small — sometimes unusual and meaningless — poems, such as:
Because of humans’ capacity for remembering poems, the nonsensical and hard to guess words are all the same easy to remember.
But since the computer is generating the poems randomly, other examples are very bad:
The shirley emmy plebiscite
complete suppressed unlike invite
If the poems are to be automatically generated, however, an algorithm could be developed that would be able to recognize those bad poems and sort them out. That would mean that the system would only generate those poems that it knew would work for people.
Humans could use the technique without relying on an algorithm, however. Even choosing four random words as in the XKCD example that together rhymed and had a poetic rhythm would be more secure than choosing just one random word.
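The number-to-poem selection described above, as an added example that is not the researchers' code: it counts every rhyming couplet in iambic tetrameter that a tiny lexicon allows, picks one with a uniform random index, and reports the strength as log2 of that count. The lexicon, its stress marks and rhyme classes, and all function names are constructed assumptions for the illustration.

```python
import math
import secrets
from collections import defaultdict

METER = "01010101"  # iambic tetrameter: 4 x (unstressed, stressed)
# Constructed toy lexicon: word -> (stress pattern, rhyme class or None).
LEXICON = {
    "the": ("0", None), "a": ("0", None), "cat": ("1", "at"), "hat": ("1", "at"),
    "balloon": ("01", "oon"), "cartoon": ("01", "oon"), "delay": ("01", "ay"),
    "today": ("01", "ay"), "water": ("10", None), "under": ("10", None),
}

def lines_by_last_word():
    """Enumerate every word sequence that fits METER, keyed by its final word."""
    found = defaultdict(list)
    def extend(pos, words):
        if pos == len(METER):
            found[words[-1]].append(" ".join(words))
            return
        for word, (stress, _) in LEXICON.items():
            if METER.startswith(stress, pos):
                extend(pos + len(stress), words + [word])
    extend(0, [])
    return found

def rhyme_buckets(lines):
    """Ordered (end1, end2) pairs: same rhyme class, different words."""
    ends = sorted(w for w in lines if LEXICON[w][1] is not None)
    return [(a, b) for a in ends for b in ends
            if a != b and LEXICON[a][1] == LEXICON[b][1]]

def poem_count(lines):
    return sum(len(lines[a]) * len(lines[b]) for a, b in rhyme_buckets(lines))

def poem_from_index(lines, index):
    """Map an integer in [0, poem_count) to exactly one couplet."""
    if index < 0:
        raise ValueError("index out of range")
    for a, b in rhyme_buckets(lines):
        size = len(lines[a]) * len(lines[b])
        if index < size:
            first, second = divmod(index, len(lines[b]))
            return lines[a][first], lines[b][second]
        index -= size
    raise ValueError("index out of range")

def generate_poem(lines):
    """Draw the index from the OS CSPRNG so every couplet is equally likely."""
    total = poem_count(lines)
    return poem_from_index(lines, secrets.randbelow(total)), math.log2(total)
```

The ten-word lexicon yields about 7.4 million couplets, roughly 22.8 bits, so the strength of a real generator depends entirely on how many valid poems its dictionary admits.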
The researchers say that in the future computers will be able to generate yet more realistic and easy to remember poetry. They might be able to mine data in emails, for instance, to create automatic passwords that are personalized and so easier to recall. [Independent]