The Perfect Password Is Six Words Long And Rhymes


There’s a Catch-22 involved in choosing an online password: it’s either easy to remember and easy to break, or tough to hack and even tougher to remember. As life moves increasingly online, this quandary becomes an increasingly urgent one to resolve; luckily, two researchers at the University of Southern California Information Sciences Institute think they have the answer. Marjan Ghazvininejad and Kevin Knight of the computer science department, using a random number generator and some ingenuity, have come up with a way to make a password that’s not only memorable and secure, but also has a bit of artistic flair.

The researchers proudly attribute their inspiration to an XKCD comic by creator Randall Munroe, whose uniquely intellectual cartoons stem from his background as a physics graduate and former NASA roboticist. The six-panel comic in question introduced a novel system for password creation based on increasing the number of bits (units of information) a brute-force attack has to work through, trying every possible combination of those bits until it finds the right one. Even if a user were to follow all the suggestions for strengthening a password—including choosing an uncommon word, replacing letters with numbers, adding special characters, and capitalizing certain letters—a so-called strong password might only take a sophisticated computer a matter of minutes to break. Munroe’s comic suggests avoiding such pitfalls by opting for four common but randomly selected words instead, and creating a story around the nonsensical phrase to render it meaningful. The original comic gave the phrase “correct horse battery staple” as an example. Silly, but as Munroe cheekily points out, most readers will already have memorized it within the minute it takes to read the comic.

In their recent paper [PDF], Knight and Ghazvininejad take Munroe’s method a step further by converting a computer-generated 60-bit string of characters into corresponding words from a 327,868-word dictionary. These words are then assembled into either ungrammatical prose “sentences” or, even better, rhyming iambic tetrameter couplets. Their rationale for the latter approach stems from humanity’s long history of remembering the past by turning it into poetry (see, for example, Beowulf, Ovid’s Metamorphoses, the Mahabharata, etc.). Unlike these epics, Ghazvininejad and Knight’s passwords are only two lines long with eight syllables each, and yet, at current computing rates, the scientists calculate that it could take as long as 11.3 years to guess one.
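The bits-to-words step described above can be sketched as follows. This is an added example, not code from the paper or the researchers' generator, and it leaves out the meter and rhyme constraints entirely. The 4,096-entry pseudo-word list and the function names are assumptions constructed for the illustration; only the 60-bit secret and the 327,868-word dictionary size come from the article.

```python
import secrets

# Constructed stand-in wordlist (assumption): 4,096 pseudo-words, i.e. exactly
# 12 bits per word. The dictionary in the article has 327,868 real words.
CONSONANTS = "bdfghjklmnprstvz"                          # 16 letters
VOWELS = "aeio"                                          # 4 letters
SYLLABLES = [c + v for c in CONSONANTS for v in VOWELS]  # 64 syllables
WORDS = [a + b for a in SYLLABLES for b in SYLLABLES]    # 64 * 64 = 4,096
INDEX = {word: i for i, word in enumerate(WORDS)}
BITS = 60                                                # secret size from the article


def words_needed(bits, dictionary_size):
    """Fewest uniformly chosen words whose combinations cover 2**bits values."""
    count = 1
    while dictionary_size ** count < 2 ** bits:
        count += 1
    return count


def encode(value, count, words=WORDS):
    """Write value in base len(words); each base-N digit selects one word."""
    if not 0 <= value < len(words) ** count:
        raise ValueError("value does not fit in that many words")
    phrase = []
    for _ in range(count):
        value, digit = divmod(value, len(words))
        phrase.append(words[digit])
    return phrase[::-1]


def decode(phrase, index=INDEX):
    """Inverse of encode: recover the integer from the word sequence."""
    value = 0
    for word in phrase:
        value = value * len(index) + index[word]
    return value


def generate():
    """Draw the secret from the OS CSPRNG, never from the random module."""
    secret = secrets.randbits(BITS)
    return secret, encode(secret, words_needed(BITS, len(WORDS)))


if __name__ == "__main__":
    secret, phrase = generate()
    print(" ".join(phrase), "<->", f"{secret:015x}")
```

Because the mapping is one-to-one, the passphrase carries exactly the 60 bits of the random number and nothing more; its strength comes from the random draw, not from the word list being secret.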

The paper gives a sample poem password—“The legendary Japanese/ Subsidiaries overseas”—that demonstrates how meter and rhyme work in tandem to increase the phrase’s memorability. In a test of real-world practicality, 61.5% of participants who returned two days after having been assigned a poem-password were able to recall it correctly. The paper makes no mention of any incentive for the participants to put any effort into remembering their assigned passwords, but it seems reasonable to assume that they would have put at least as much work, if not more, into remembering a simple couplet when their own personal information was on the line.

For anyone eager to see what other kinds of password masterpieces Knight and Ghazvininejad’s method might turn up, they’ve provided an online generator that creates a new couplet upon every refresh. The results range from silly to sillier:

Domestic business limousine 
the flashy shopping unforeseen

The damage meekly enterprise 
requested swirling butterflies

Mercedes infant absentee 
militia matter Tennessee

The winter ratio reside 
the fragrances or homicide

The promises McCain Louie 
incumbent Democrat McKee

The researchers stress, however, that the site is only for demonstration purposes; a potential hacker could easily download the entire database of options the site provides, thereby defeating the purpose of using any of those passwords. For actual secure use, there’s a different site, in which users can input their email addresses and be sent a private password, which will then be deleted from the system entirely.

[h/t Washington Post]

The Queen of Code: Remembering Grace Hopper
Image credit: Lynn Gilbert, CC BY-SA 4.0, Wikimedia Commons

Grace Hopper was a computing pioneer. She coined the term "computer bug" after finding a moth stuck inside Harvard's Mark II computer in 1947 (which in turn led to the term "debug," meaning solving problems in computer code). She did the foundational work that led to the COBOL programming language, used in mission-critical computing systems for decades (including today). She worked in World War II using very early computers to help end the war. When she retired from the U.S. Navy at age 79, she was the oldest active-duty commissioned officer in the service. Hopper, who was born on this day in 1906, is a hero of computing and a brilliant role model, but not many people know her story.

In this short documentary from FiveThirtyEight, directed by Gillian Jacobs, we learned about Grace Hopper from several biographers, archival photographs, and footage of her speaking in her later years. If you've never heard of Grace Hopper, or you're even vaguely interested in the history of computing or women in computing, this is a must-watch:

The Plugin That Keeps the Internet From Spoiling Santa Claus

During simpler times, the biggest threat to a child's belief in Santa was usually older siblings or big-mouthed classmates. Today, kids have access to an entire world wide web, full of potentially Santa-spoiling content. Luckily, there's a plugin that helps parents maintain their kids’ innocence through the holidays.

Created by the virtual private network provider Hide My Ass (HMA), the free software analyzes web activity for any information that might threaten to “bring a child’s belief in Santa crashing down.” In place of the problematic content, the plugin brings up an image of the jolly man himself. Typing the phrase “Santa is not real” into Google, for example, will instead take you to a web page showing nothing but a soft-focused St. Nick pointing into the camera and staring at you with judgmental eyes. The plugin is also designed to work for social media communications, internet ads, and articles like this one.

According to a survey of 2036 parents by HMA, one in eight children in the U.S. have their belief in Santa ruined online. Whether it's because of the internet or other related factors, the age that children stop believing in Santa is lower than ever.

The average age that current parents lost their faith in Santa Claus was 8.7 years old, and for today’s kids it’s 7.25 years. Concerned parents can download the plugin for Chrome here, though it may not be enough to hide every type of Santa spoiler: Of the parents who blamed the internet, 26 percent of them reported kids snooping over their shoulder as they shopped for gifts online.

