Yahoo Kills Passwords On Email Accounts

Researchers: Perfect Password Generator For Windows 10, Facebook Is Pure Xkcd Poetry

Having trouble coming up with the perfect password for Facebook or Windows 10? You are not alone since many people will resort to easily memorable passwords like “password” or “12345678” so they will not be forgotten. Unfortunately, such easy passwords are also simple to hack, and thus, they are completely insecure.

According to two researchers, a perfect password generator only needed to incorporate a little poetry. The idea came from a Xkcd comic, but if the idea becomes widespread, it could almost make internet security poetic.

In a related report by the Inquisitr, Bill Gates has long predicted the death of the password, and so, the Windows 10 password system incorporated new technology in order to give conventional passwords a shove off the proverbial cliff.

The xkcd password generator is actually fairly old at this point in time. You can find one such example of the perfect password generator on a blog called Phreshing On Programming, and they even provide the Java source code.

The basic concept stems from an old xkcd comic from 2011 which makes a joke out of the passwords we humans commonly resort to using.

xkcd password generator

There have been different implementations of the xkcd password generator, but the basic premise includes an emphasis on the usage of common English words put together in odd phrases. Nowadays, security experts require people to create these bizarre passwords comprised of odd symbols and numbers. While computer hackers may have trouble cracking these passwords in a timely manner, the average joe also has trouble remembering these passwords at all.

Enter Marjan Ghazvininejad and Kevin Knight. According to these researchers, perfect password generators need to produce a phrase that is both secure and memorable.

“User-generated passwords tend to be memorable, but not secure. A random, computer generated 60-bit string is much more secure. However, users cannot memorize random 60- bit strings,” explains the abstract published in the paper for the Department of Computer Science at the University of South California. “In this paper, we investigate methods for converting arbitrary bit strings into English word sequences (both prose and poetry), and we study their memorability and other properties.”

The two researchers say their perfect password proposal is indeed inspired by the xkcd password generator. The biggest issue with the comic is that the phrase “correct horse battery staple” is nonsense, so their paper considers how a random password generator might produce memorable sequences of English words. They compared multiple methods, including the xkcd password scheme, but in the end they turned to poetry.

“In ancient times, people recorded long, historical epics using poetry, to enhance memorability. We follow this idea by turning each system-assigned 60-bit string into a short, distinct English poem,” they explain.

The researchers’ perfect password research culminated in an experiment in which 62 participants tried the different methods. They found that poetry and the xkcd method yielded the easiest to remember passwords, but people preferred the poetry approach since this made it easier to recall longer sentences rather than a nonsensical four-word phrase.

“We introduced several methods for generating secure passwords in the form of English word sequences. We learned that long sentences are seemingly easy to remember, but actually hard to reproduce, and we also learned that our poetry method produced relatively short, memorable passwords that are liked by users,” they wrote in the conclusion.

Of course, the researchers’ perfect password experiment did not get into the practicality of their methods. While a 12-word phrase may take millions of years for a hacker to crack, you have to wonder if the average Windows 10 and Facebook user would enjoy typing these super long phrases into their mobile devices using on-screen keypads. We may be forced to use voice-to-text, which could in turn use voice recognition instead of a typed password. But even that approach has issues since Cortana apparently has hearing problems, which the CEO of Microsoft found out the hard way.