The Perfect Password Is Six Words Long And Rhymes


There’s a Catch-22 involved in choosing an online password: it’s either easy to remember and easy to break, or tough to hack and even tougher to remember. As life moves increasingly online, this quandary becomes an increasingly urgent one to resolve; luckily, two researchers at the University of Southern California Information Sciences Institute think they have the answer. Marjan Ghazvininejad and Kevin Knight of the computer science department, using a random number generator and some ingenuity, have come up with a way to make a password that’s not only memorable and secure, but also has a bit of artistic flair.

The researchers proudly attribute their inspiration to an XKCD comic by creator Randall Munroe, whose uniquely intellectual cartoons stem from his background as a physics graduate and former NASA roboticist. The six-panel comic in question introduced a novel system for password creation based on increasing the number of bits (units of information) an attacker has to guess in a brute-force attack, which tries every possible combination of the given number of bits until it finds the right one. Even if a user were to follow all the suggestions for strengthening a password—including choosing an uncommon word, replacing letters with numbers, adding special characters, and capitalizing certain letters—a so-called strong password might only take a sophisticated computer a matter of minutes to break. Munroe’s comic suggests avoiding such pitfalls by opting for four common but randomly selected words instead, and creating a story around the nonsensical phrase to render it meaningful. The original comic gave the phrase “correct horse battery staple” as an example. Silly, but as Munroe cheekily points out, most readers will already have memorized it within the minute it takes to read the comic.

In their recent paper, Knight and Ghazvininejad take Munroe’s method a step further by converting a computer-generated 60-bit string of characters into corresponding words from a 327,868-word dictionary. These words are then assembled into either ungrammatical prose “sentences” or, even better, rhyming iambic tetrameter couplets. Their rationale for the latter approach stems from humanity’s long history of remembering the past by turning it into poetry (see, for example, Beowulf, Ovid’s Metamorphoses, the Mahabharata, etc.). Unlike these epics, Ghazvininejad and Knight’s passwords are only two lines long with eight syllables each, and yet, at current computing rates, the scientists calculate that it could take as long as 11.3 years to guess one.
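The core idea of turning a random 60-bit value into words can be shown in a few lines. This is an added example, not the researchers' code: it treats the secret as a number written in base "dictionary size", and the 1,024-entry pseudo-word list and all function names are constructed for illustration.

```python
import secrets

BITS = 60  # size of the random secret the article describes

# Constructed stand-in word list: 32 onsets x 32 rimes = 1024 distinct
# pseudo-words, i.e. exactly 10 bits per word. Not the researchers' dictionary.
_ONSETS = ("b c d f g h j k l m n p r s t v w z "
           "bl br cl cr dr fl fr gl gr pl pr sl st tr").split()
_RIMES = [v + c for v in "aeio" for c in ("b", "ck", "d", "g", "m", "n", "p", "t")]
WORDS = [o + r for o in _ONSETS for r in _RIMES]


def words_needed(dict_size, bits=BITS):
    """Smallest k with dict_size**k >= 2**bits, assuming every word is an
    independent, uniform pick (no grammar, meter or rhyme constraint)."""
    k = 0
    while dict_size ** k < 2 ** bits:
        k += 1
    return k


def encode(secret, words=WORDS, bits=BITS):
    """Write the secret in base len(words), one word per digit."""
    if not 0 <= secret < 2 ** bits:
        raise ValueError("secret out of range")
    digits = []
    for _ in range(words_needed(len(words), bits)):
        secret, idx = divmod(secret, len(words))
        digits.append(words[idx])
    return digits[::-1]  # most significant word first


def decode(phrase, words=WORDS):
    """Inverse of encode(): recover the integer from the word sequence."""
    index = {w: i for i, w in enumerate(words)}
    value = 0
    for word in phrase:
        value = value * len(words) + index[word]
    return value


def new_passphrase():
    """Draw the 60 bits from the OS CSPRNG, then encode them."""
    secret = secrets.randbits(BITS)
    return secret, encode(secret)


if __name__ == "__main__":
    secret, phrase = new_passphrase()
    print(" ".join(phrase), "->", words_needed(327_868), "words at 327,868 entries")
```

The word list can be public; the strength comes entirely from the 60 bits drawn privately from the random number generator.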

The paper gives a sample poem password—“The legendary Japanese/ Subsidiaries overseas”—that demonstrates how meter and rhyme work in tandem to increase the phrase’s memorability. In a test of real-world practicality, 61.5% of participants who returned two days after having been assigned a poem-password were able to recall it correctly. The paper makes no mention of any incentive for the participants to put any effort into remembering their assigned passwords, but it seems reasonable to assume that they would have put at least as much work, if not more, into remembering a simple couplet when their own personal information was on the line.

For anyone eager to see what other kinds of password masterpieces Knight and Ghazvininejad’s method might turn up, they’ve provided an online generator that creates a new couplet upon every refresh. The results range from silly to sillier:

Domestic business limousine 
the flashy shopping unforeseen

The damage meekly enterprise 
requested swirling butterflies

Mercedes infant absentee 
militia matter Tennessee

The winter ratio reside 
the fragrances or homicide

The promises McCain Louie 
incumbent Democrat McKee

The researchers stress, however, that the site is only for demonstration purposes; a potential hacker could easily download the entire database of options the site provides, thereby defeating the purpose of using any of those passwords. For actual secure use, there’s a different site, in which users can input their email addresses and be sent a private password, which will then be deleted from the system entirely.

Big Questions
Why Are the Keys On a QWERTY Keyboard Laid Out As They Are?

Why are the keys on a QWERTY keyboard laid out as they are?

C Stuart Hardwick:

What is commonly called QWERTY (more properly, the Sholes layout) was designed by Christopher Lathan Sholes, then modified through a series of business relationships. Sholes's original keyboard was alphabetical and modeled after a printing telegraph machine. The alphabetical layout was easy to learn, but not easy to type on.

For one thing, all practical typing machines of the day relied on mechanical levers, and adjacent letters could jam if struck with rapidity. There has long been a myth that Sholes designed the QWERTY layout to slow typists down in order to prevent this. Nothing could be further from the truth, but Sholes’s first customers were telegraphers. Over several years, he adapted the piano-like alphabetical keyboard into a four-row keyboard designed to aid telegraphers in their transcription duties.

This new layout mostly spread out commonly struck keys, but also placed easily confused telegraph semaphores together. This layout was sufficient to permit telegraph transcription to keep up with transmissions and created a growing market.

During this time, Sholes teamed up with several other inventors to form a typewriter company with assignment of all related patents. An association with Remington led to increased sales, at which time another company acquired the shift platen patent that permits a typewriter to type in mixed case, and they seem to have made a few essentially random changes in order to avoid the original typewriter company patents.

So that’s it then, right? QWERTY is crap?

Well, no. QWERTY was based mostly on the needs of telegraphers in transcribing Morse code, and Morse had been scientifically designed to make transmission of English language messages as efficient as possible. The result is that the QWERTY arrangement is pretty good—efficiency-wise.

In the 1930s, John Dvorak used modern time-motion study techniques to design his own keyboard, and around it had grown up a whole cult following and mythology. But the fact is, it’s much ado about nothing. Careful scientific studies in the 1950s, '70s, and '80s have shown that choice between the Sholes and Dvorak layout makes no material difference in typing speed. Practice and effort are what yields rapid typing, and studies of professional typists have shown that however well we may perform on timed trials, few typists ever exceed 35 words per minute in their daily work.

So relax. Take an online typing course, practice a little, and relax.

Afternoon Map
Monthly Internet Costs in Every Country

Thanks to the internet, people around the world can conduct global research, trade tips, and find faraway friends without ever leaving their couch. Not everyone pays the same price for these digital privileges, though, according to new data visualizations spotted by Thrillist.

To compare internet user prices in each country, cost information site created a series of maps. The data comes courtesy of English market research consultancy BDRC and, which teamed up to analyze 3351 broadband packages in 196 nations between August 18, 2017 and October 12, 2017.

In the U.S., for example, the average cost for internet service is $66 per month. That’s substantially more than what browsers pay in neighboring Mexico ($27) and Canada ($55). Still, we don’t have it bad compared to either Namibia or Burkina Faso, where users shell out a staggering $464 and $924, respectively, for monthly broadband access. In fact, internet in the U.S. is far cheaper than what residents in 113 countries pay, including those in Saudi Arabia ($84), Indonesia ($72), and Greenland ($84).

On average, internet costs in Asia and Russia tend to be among the lowest, while access is prohibitively expensive in sub-Saharan Africa and in certain parts of Oceania. As for the world’s cheapest internet, you’ll find it in Ukraine and Iran.

Check out the maps below for more broadband insights, or view’s full findings here.

