Tip of the Week: Make Your Password Rhyme Every Time

Password security is quite the conundrum. We want our passwords to be easy to remember, but the problem is that passwords that are easy to remember are often simple and insecure. Therefore, it becomes a best practice to use complicated passwords with both upper and lower-case letters, numbers, and symbols to compensate. The “passpoem” might resolve this issue in the most obvious way.

The method in question suggests that passwords chosen by your average PC user aren’t nearly as secure as they should be, but are very easy to remember. As explained in an essay from the university of Southern California, written by Marjan Ghazvininejad and Kevin Knight, it’s best to use randomly generated 60-bit strings (basically, a series of 60 ones and zeros), and convert these strings into words or phrases.

Confused? Let us explain a little more in detail. This method is derived from a XKCD comic (which you can find here) that describes the difficulty of remembering passwords. Basically, what it entails is taking a string of numbers, like 10101101010100101101010101010101010110101101, and converting segments of this code into words to create an English phrase. The above string would wind up reading “correct horse battery staple,” which is complete and utter nonsense, but very easy to remember by associating it with a mental image or a story.

Rather than use a 44-bit string like the above example, Ghazvininejad and Knight suggest using a 60-bit string to increase security, and to create a poem-like string of words that makes sense and is easy to remember. Going too in-depth into this method would take a considerable amount of time to explain, but the basic idea is to create something that’s easy to remember while making it borderline impossible for a computer to guess. By today’s standards, the 44-bit string would take around an hour to crack, while a 60-bit string would take well over a decade. How’s that for secure?

While using segments from existing poems is a possibility, Knight and Ghazvininejad don’t suggest doing so. Considering how there are millions of poems online, the chances of getting hacked are much higher than if the string of characters were truly random. However, while using a line from your favorite poem isn’t as secure as a string of 60 characters, it’s certainly more secure than using a simple password like “MOM385” or “password.” On one hand, you’re using real words that can be used in a dictionary attack; but on the other, you’re using a long password (which is a best practice). So, it’s really up to you to decide how you want to approach password security.

Of course, you’ll need multiple passwords for all of your different accounts. This in itself can make memorizing passwords a huge pain. Therefore, the best way that you can remember all of your passwords and effectively use them to maximize your account security, is by taking advantage of a password manager. k_Street Consulting, LLC can help your business get set up with the best password manager on the market. To learn more, give us a call at (202) 640-2737.