recommended reading

How to Create a Supersecure Password You’ll Never Forget: Use Poetry

kpatyhka/Shutterstock.com

If you’re like most people, your passwords are terrible. You might have just one insecure password that you use for everything.

A pair of computational linguists at the University of Southern California have a possible answer to your easy-to-hack habits. They set out (pdf) to automatically generate unique passwords that are both easy for humans to remember and very difficult for computers to crack. They found inspiration from, of all things, poetry.

“But my password is great!” you protest. “It has a capital letter, and I used a ‘zero’ instead of an ‘o’!” That’s not nearly good enough.

If you’re like most people, your passwords are terrible. You might have just one insecure password that you use for everything.

Method Output
All Letter Parking and utilities have been searching for a third straight road win
All Letter It was the same girl and now a law professor in the former east german town
Frequency The review found a silver tree through documents and artifacts
Frequency These big questions are bothering me a bit stronger
Poetry Joanna kissing verified / soprano finally reside
Poetry Surprise celebrity without / the dragging allison throughout

The researchers then tested these results on a small group of subjects, seeing which passwords people remembered most readily and which they preferred. Poetry passwords were among the easiest to memorize. Subjects tended to prefer the sentences, but they weren’t actually that good at remembering them. They would recall the gist of the sentence, but mis-remember the exact wording.

The rhyming and rhythm of poetry could be what makes poem-passwords easier to remember. After all, as the authors point out, this helped ancient bards memorize epic poems so long that people today are reluctant to even read them.

You can try the poem-password generator yourself. Here’s some sample output:

Received rotations certified / affects the Yorkshire countryside

The former trainer organized / a windy belting neutralized

Restrictive Dominic decry / supporting artists specify

The Moscow clearly illustrates / the fluent drummer demonstrates

The giants running scholarship / and Matthew cater fellowship

Supports a single fertilized / surveyed impose a polarized

These long poems and sentences might run afoul of some services’ maximum-character limits on passwords, but such restrictions are generally considered bad practice. And passwords themselves may be on the way out as a means of protecting your information regardless. But way back in 2004 Bill Gates predicted the death of the password, so don’t hold your breath.

(Image via kpatyhka/Shutterstock.com)

Threatwatch Alert

Network intrusion

Pizza Hut Website, Mobile App Burned by Hackers

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov