Two University of Southern California researchers set out to prove a secure and memorable password is possible. What they came up with, at least according to their own experiment, works extremely well.
They were inspired by an XKCD cartoon that proposed converting a random 44-bit password into illogical English words. But they went further. They used a 327,868-word dictionary and assigned each word a distinct 15-bit code. They then took a system-assigned 60-bit code and split it into four 15-bit sequences, substituting each sequence with its corresponding word.
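The 60-bit-to-four-words mapping described above, as an added sketch that is not the researchers' program: it swaps in a constructed list of pseudo-words for their dictionary (a 15-bit code can index exactly 2^15 = 32,768 entries) and does not attempt meter or rhyme. All function and variable names are hypothetical.

```python
import secrets

CODE_BITS = 60                             # system-assigned secret length (from the article)
CHUNK_BITS = 15                            # bits carried by each word (from the article)
WORDS_PER_CODE = CODE_BITS // CHUNK_BITS   # four words per password

# Constructed stand-in dictionary, NOT the researchers' word list:
# 32 syllables, three per word, giving 32**3 == 2**15 distinct pseudo-words.
ONSETS = "bdfghklmnprstvwz"
VOWELS = "ae"
SYLLABLES = [c + v for c in ONSETS for v in VOWELS]
WORDLIST = [a + b + c for a in SYLLABLES for b in SYLLABLES for c in SYLLABLES]
WORD_INDEX = {word: i for i, word in enumerate(WORDLIST)}


def split_code(code):
    """Split a 60-bit integer into four 15-bit indexes, most significant first."""
    if not 0 <= code < (1 << CODE_BITS):
        raise ValueError("code must fit in 60 bits")
    mask = (1 << CHUNK_BITS) - 1
    shifts = range(CODE_BITS - CHUNK_BITS, -1, -CHUNK_BITS)  # 45, 30, 15, 0
    return [(code >> shift) & mask for shift in shifts]


def encode(code):
    """Substitute each 15-bit sequence with its corresponding word."""
    return [WORDLIST[index] for index in split_code(code)]


def decode(words):
    """Recover the 60-bit code; rejects wrong length or unknown words."""
    if len(words) != WORDS_PER_CODE:
        raise ValueError("expected exactly four words")
    code = 0
    for word in words:
        if word not in WORD_INDEX:
            raise ValueError("word not in dictionary: %r" % word)
        code = (code << CHUNK_BITS) | WORD_INDEX[word]
    return code


def generate():
    """The system, not the user, picks the code, using the OS CSPRNG."""
    code = secrets.randbits(CODE_BITS)
    return code, encode(code)


if __name__ == "__main__":
    code, words = generate()
    print(" ".join(words), "->", hex(decode(words)))
```

Because every one of the 2^60 codes is equally likely and maps to a different word sequence, the password keeps the full 60 bits regardless of how odd the words look.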
Eventually, they wound up with a computer program that randomly pairs nonsensical sentences that rhyme. “Because ancient people used poetic devices to memorize long epics, we guessed that rhyming poetry might be useful for creating memorable passwords,” says Kevin Knight with USC’s Department of Computer Science. “If a user’s poem is more sensible than one generated by our machine, then it is likely to be a member of a much smaller set of poems, and therefore guessable in much less time.”
The format for the rhyming iambic tetrameter password:
- The poem contains two lines of eight syllables each
- Lines are in iambic meter, i.e., their syllables have the stress pattern 01010101, where 0 represents an unstressed syllable and 1 represents a stressed syllable.
- The two lines end in a pair of rhyming words
Here are a few examples of random passwords generated by the program:
Protect evacuate success, inspired marathon unless
The sections highly mechanized, depict afflicting analyzed
Despite the Texas compensate, a massive corners fluctuate
It may be weird, but Knight figures these passwords would take millions of years to crack.
Knight and his USC co-author, Marjan Ghazvininejad, are making their password generator available to the masses, although there’s a long wait. At last check, the wait time for getting your own unique iambic tetrameter password was about 300 hours.
Ghazvininejad says more than 11,000 people have used the system.