When you're trying to come up with a new password on a website or mobile app, it probably goes something like this: You think of a word, add in your birthday or zip code, and sprinkle in some capital letters and a symbol for good measure. The result is something ridiculous, like B@th?T0b10007.
Unfortunately, passwords like that take only a few seconds for a computer to crack.
When extramarital-affair website Ashley Madison was hacked, the collection of exposed passwords attracted the attention of cybersecurity analysts. The picture that came into focus was that the majority of the site's users had unimaginative, easy-to-crack passwords. Nearly 5 million users had passwords that consisted solely of lowercase letters, and millions of others used numbers and lowercase letters or just numbers.
By now, most Internet users know that alphanumeric passwords are not enough to protect an account from a targeted attack. For years the cybersecurity world has been stressing the potential of two-factor authentication, biometrics, and other technologies and protocols, but most have yet to catch on with consumers.
But now there is a way to come up with passwords that are both hard for a hacker to crack and easy for you to remember. An article by Nikhil Sonnad in Quartz details the work of Marjan Ghazvininejad and Kevin Knight, computational linguists at the University of Southern California. The pair have written a whitepaper on random, auto-generated passwords that would take a computer 11 years to figure out but that you're unlikely to forget.
The researchers' password generator spits out 60-bit binary strings and translates them into, of all things, lines of rhyming poetry. The odd collection of words in the poems is difficult for a hacker to deduce, far more so than passwords built by substituting symbols for letters or by other common password strategies.
"In ancient times, people recorded long, historical epics using poetry, to enhance memorability. We follow this idea by turning each system-assigned 60-bit string into a short, distinct English poem. Our format is the rhyming iambic tetrameter couplet," Ghazvininejad and Knight write.
Read some secure poetic passwords made by Ghazvininejad and Knight's program below:
Hitachi monitored imbued
the mention mocking attitude.
The raucous undergoes remorse
policing practices divorce.
The Chairman wanted anyway
concurrent clinging Pinochet.
The closest occupants until
the Panthers specimens Brazil.
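The idea behind the generator, as an added example that is not the researchers' code: the secret is a system-assigned random 60-bit value, and the words are only a reversible encoding of it. This sketch assumes a constructed 1,024-entry pseudo-word list (10 bits per word, six words) and does not attempt the rhyme or iambic meter of the real poems; `encode`, `decode` and `generate` are hypothetical names.

```python
import secrets

# Constructed vocabulary (an assumption, not the researchers' word list):
# 32 onsets x 32 endings = 1024 distinct pseudo-words, so each word carries 10 bits.
ONSETS = ["b", "br", "c", "cl", "d", "dr", "f", "fl", "g", "gr", "h", "j",
          "k", "l", "m", "n", "p", "pl", "pr", "r", "s", "sh", "sl", "sp",
          "st", "t", "tr", "v", "w", "y", "z", "ch"]
ENDINGS = ["ab", "ack", "ade", "ail", "ake", "ale", "amp", "and", "ane", "ape",
           "ash", "ate", "eck", "eed", "ell", "end", "ent", "est", "ick", "ide",
           "ile", "ime", "ine", "ing", "ink", "ock", "old", "one", "ore", "ump",
           "unk", "ust"]
WORDS = [onset + ending for onset in ONSETS for ending in ENDINGS]
INDEX = {word: i for i, word in enumerate(WORDS)}

BITS_PER_WORD = 10
TOTAL_BITS = 60
WORD_COUNT = TOTAL_BITS // BITS_PER_WORD


def encode(value: int) -> str:
    """Map a 60-bit integer to six words, most significant 10 bits first."""
    if not 0 <= value < (1 << TOTAL_BITS):
        raise ValueError("value must fit in 60 bits")
    mask = (1 << BITS_PER_WORD) - 1
    shifts = range(TOTAL_BITS - BITS_PER_WORD, -1, -BITS_PER_WORD)
    return " ".join(WORDS[(value >> shift) & mask] for shift in shifts)


def decode(phrase: str) -> int:
    """Recover the 60-bit integer from a phrase produced by encode()."""
    parts = phrase.split()
    if len(parts) != WORD_COUNT:
        raise ValueError("expected exactly six words")
    value = 0
    for word in parts:
        if word not in INDEX:
            raise ValueError(f"unknown word: {word!r}")
        value = (value << BITS_PER_WORD) | INDEX[word]
    return value


def generate() -> str:
    """System-assigned password: 60 bits from the OS CSPRNG, shown as words."""
    return encode(secrets.randbits(TOTAL_BITS))


if __name__ == "__main__":
    print(generate())
```

Because every 60-bit value maps to exactly one phrase and back, the phrase carries the full 60 bits no matter how ordinary the words look; the strength comes from the system choosing the bits, not the user.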