How to create the perfect password

The news of the recent data breach that affected 500 million Yahoo accounts has once again highlighted the issue of IT security and data protection. The Yahoo email hack is certainly an extreme case, and every day experts around the world work to make online services more secure through mechanisms such as double checks, monitoring of logins from other devices and data encryption. However, users can help increase system security by adopting hard-to-predict passwords.

When you create a very strong password, the main problem is being able to remember it: the more secure a password is, the more difficult it is to remember. Guessing a password like 6&gdNuNLW&^% may take billions of tries, too many even for an Artificial Intelligence. Remembering it would be just as difficult for a human. Is there, then, a way to create a password that is both secure and easy to remember? Ana Swanson from the Washington Post writes that two researchers at the University of Southern California may have finally come up with a great solution. Marjan Ghazvininejad and Kevin Knight have published a paper in which they show a way to create passwords that are hard to crack and relatively easy to remember: randomly generated poems.

[Image: password strength. Source: Xkcd.com]

Ghazvininejad and Knight say that a combination of just four random words is very difficult to decipher (for a hacker or a computer), yet easy to remember. The basic idea is not new: nursery rhymes and poems have been used by mankind for years as a tool for remembering things. Think of verses like “Thirty days hath September” or “My Very Educated Mother Just Served Us Nachos”, the latter used to remember the order of the planets from the Sun. Ghazvininejad and Knight have therefore used software to create small rhyming poems from a 327,868-word dictionary.

The results are hilarious and nonsensical (“The clashes singing superstar mechanic massive caviar”), but easy to remember and, above all, virtually impossible to decipher, even for a super-fast computer. The two researchers also put a tool online for generating these poems: just enter your email address and receive your custom password, which obviously should not be disclosed! The only problem is the restriction on the number of characters that still exists for the passwords of many sites: fortunately, however, more and more sites are considering dropping the character limit, since it is now clear that shorter passwords are a lot less secure.
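
The Python sketch below is an added illustration, not code from the article or from the researchers: it draws plain random words (no rhyme or meter, a simplification of the poem scheme) with a cryptographically secure random source and compares the resulting entropy with that of a random character password. The sample word list, the function names and the assumption that the 12-character password above was drawn uniformly from the 94 printable ASCII characters are constructed for the example.

```python
import math
import secrets

# Dictionary size quoted in the article.
ARTICLE_DICT_SIZE = 327_868
# Constructed sample list for the demo (assumption); a real list must be far larger.
SAMPLE_WORDS = ["clashes", "singing", "superstar", "mechanic",
                "massive", "caviar", "planet", "nachos"]


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy in bits of `picks` independent uniform draws from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 options and 1 pick")
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, pool_size: int) -> int:
    """Smallest number of random words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))


def generate_passphrase(words, count: int = 4, sep: str = " "):
    """Return (passphrase, entropy_bits) using the OS CSPRNG via `secrets`."""
    # Normalise and deduplicate: repeated entries would bias the draw and
    # make the entropy estimate too optimistic.
    pool = sorted({w.strip().lower() for w in words if w.strip()})
    if len(pool) < 2:
        raise ValueError("word list too small")
    chosen = [secrets.choice(pool) for _ in range(count)]
    return sep.join(chosen), entropy_bits(len(pool), count)


if __name__ == "__main__":
    four_words = entropy_bits(ARTICLE_DICT_SIZE, 4)
    # Assumption: 12 characters drawn uniformly from 94 printable ASCII symbols.
    random_chars = entropy_bits(94, 12)
    print(f"4 words from {ARTICLE_DICT_SIZE} entries: {four_words:.1f} bits")
    print(f"12 random printable characters:  {random_chars:.1f} bits")
    print("words needed to match the character password:",
          words_needed(random_chars, ARTICLE_DICT_SIZE))
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"demo phrase from the tiny sample list: {phrase!r} ({bits:.0f} bits only)")
```

The strength comes from the size of the word list and the number of independent random draws, not from the words looking unusual, which is why the eight-word demo list is far too small for real use.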