How to create a safe, secure and easy-to-remember password? Poetry is key to internet security, researchers find

Humans have used rhyming and bouncy poetry as a way to memorise things for centuries — and researchers are finally putting that capacity to work in very modern ways

Andrew Griffin
Friday 23 October 2015 11:35 BST
The National Cyber Crime Unit has revealed that some hackers are offering ‘cybercrime as a service’, and have created a marketplace where gangs can bid for targets to be attacked (Reuters)

Researchers claim to have found the perfect way of creating a memorable and secure password.

When people pick passwords, they tend to choose real words that can be easily guessed by a computer. It would be much better to choose a long string of different characters, but those are often forgotten.

As a rule, the easier a password is to remember, the easier it is to guess. A password like 12345, for instance — still easily one of the most popular passwords — won’t be forgotten any time soon, but it also won’t actually be much use for keeping people out of your computer.

Security experts therefore recommend that users automatically generate or choose an unusual word, which couldn’t be guessed by computers that automatically enter passwords in an attempt to get through logins.

But new research claims to have created a method of generating passwords that makes them incredibly difficult to guess but at the same time easy to remember — poetry.

In a new paper, Marjan Ghazvininejad and Kevin Knight argue that generating passwords that have a metrical rhythm and rhyming words will allow people to commit them to memory — even if they are randomly generated and nonsensical.

The researchers referenced an image created as part of XKCD, the popular online comic series. In it, author Randall Munroe points out that while people tend to choose strange words for passwords, it would actually be much more secure to pick longer random words, like “correct horse battery staple”.

Those four random words are chosen through a random number generator. Each number it produces corresponds to a word in the dictionary, which yields the words themselves. That makes them very hard to guess, since a computer would have to try billions of combinations.

But putting the words together also makes them easier to remember. Users can tell a story in their head that involves each of the four words, and then use that story to remember their own password.


The researchers used a similar method, but chose poetry instead of a randomly generated story. They used the same random number method for picking words in the dictionary — but told the computer to ensure that the words rhyme and are in iambic tetrameter.

That generated small — sometimes unusual and meaningless — poems, such as:

Sophisticated potentates
misrepresenting Emirates

Because of humans’ capacity for remembering poems, the nonsensical and hard to guess words are all the same easy to remember.

But since the computer is generating the poems randomly, other examples are very bad:

The shirley emmy plebiscite
complete suppressed unlike invite

If the poems are to be automatically generated, however, an algorithm could be developed that would be able to recognise those bad poems and sort them out. That would mean that the system would only generate those poems that it knew would work for people.
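The generation method described above can be sketched as follows. This is an added example, not code from the article or from the researchers: the tiny lexicon reuses words from the two quoted poems, its stress and rhyme annotations are assumptions made for illustration, and brute-force enumeration of every valid poem stands in for whatever method the researchers actually use.

```python
import math
import secrets

# Constructed mini-lexicon: word -> (stress pattern, rhyme key or None).
# 0 = unstressed syllable, 1 = stressed. The words come from the two poems
# quoted in the article; the annotations are assumptions for this example.
LEXICON = {
    "the": ("0", None),
    "shirley": ("10", None),
    "emmy": ("10", None),
    "sophisticated": ("01010", None),
    "misrepresenting": ("01010", None),
    "complete": ("01", "eet"),
    "suppressed": ("01", "est"),
    "unlike": ("01", "ike"),
    "invite": ("01", "ite"),
    "plebiscite": ("101", "ite"),
    "potentates": ("101", "ates"),
    "emirates": ("101", "ates"),
}
METER = "01010101"  # iambic tetrameter: four unstressed/stressed feet

def lines(meter=METER, prefix=()):
    """Yield every word sequence whose stresses spell out the meter exactly."""
    if not meter:
        yield prefix
        return
    for word, (stress, _) in LEXICON.items():
        if meter.startswith(stress):
            yield from lines(meter[len(stress):], prefix + (word,))

def couplets():
    """All ordered pairs of metrical lines ending in different, rhyming words."""
    pool = list(lines())
    return [(a, b) for a in pool for b in pool
            if a[-1] != b[-1] and LEXICON[a[-1]][1] == LEXICON[b[-1]][1]]

def generate(pool):
    """Pick one couplet uniformly at random with a CSPRNG."""
    a, b = pool[secrets.randbelow(len(pool))]
    return " ".join(a) + "\n" + " ".join(b)

def entropy_bits(pool):
    """Guessing strength: log2 of the number of equally likely poems."""
    return math.log2(len(pool))
```

Because the couplet is drawn uniformly from the pool, its strength is `entropy_bits(pool)`, which is lower than two unconstrained metrical lines would give, since the rhyme rule shrinks the space an attacker has to search.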

Humans could use the technique without relying on an algorithm, however. Even choosing four random words as in the XKCD example that together rhymed and had a poetic rhythm would be more secure than choosing just one random word.

The researchers say that in the future computers will be able to generate yet more realistic and easy to remember poetry. They might be able to mine data in emails, for instance, to create automatic passwords that are personalised and so easier to recall.
