Business Insider reports that Marjan Ghazvininejad and Kevin Knight, researchers at the University of Southern California, recently published a paper that details the methods used. Ghazvininejad and Knight assigned a number to every word in the dictionary and then used a random number generator to select groups of words and form phrases.
Although the password would already be secure at this point, the pair went a step further to make it memorable too. The resulting random phrase is fed through a computer program that ensures it ends in a rhyme and uses the iambic tetrameter poetic rhythm.
The resulting passwords are highly memorable yet super-secure. Examples listed by The Washington Post include:
“The reigning Hagen journeyman
believers mini minivan”
“A peanut never classified
expected branches citywide”
“And British fiction engineer
Travolta captured bombardier”
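The selection step described above, as an added example (not the researchers' code): it enumerates every couplet that fits iambic tetrameter and rhymes, picks one uniformly with a CSPRNG, and reports the entropy as log2 of the number of valid poems. The lexicon, its stress patterns and rhyme keys, and all function names are constructed assumptions; the words are borrowed from the sample poems.

```python
import math
import secrets

# Constructed toy lexicon: word -> (stress pattern, rhyme key).
# 0 = unstressed, 1 = stressed. Stress and rhyme values are assumptions.
LEXICON = {
    "a": ("0", "a"), "the": ("0", "the"), "and": ("0", "and"),
    "peanut": ("10", "ut"), "never": ("10", "er"),
    "fiction": ("10", "on"), "branches": ("10", "es"),
    "expected": ("010", "ed"), "believers": ("010", "ers"),
    "classified": ("101", "ide"), "citywide": ("101", "ide"),
    "engineer": ("101", "eer"), "bombardier": ("101", "eer"),
    "minivan": ("101", "an"), "journeyman": ("101", "an"),
}
METER = "01010101"  # iambic tetrameter: four unstressed/stressed pairs


def lines(prefix=(), pos=0):
    """Yield every word sequence whose stresses spell METER exactly."""
    if pos == len(METER):
        yield prefix
        return
    for word, (stress, _) in LEXICON.items():
        if METER.startswith(stress, pos):
            yield from lines(prefix + (word,), pos + len(stress))


def couplets():
    """All ordered line pairs that rhyme on different final words."""
    all_lines = sorted(lines())
    return [(a, b) for a in all_lines for b in all_lines
            if a[-1] != b[-1] and LEXICON[a[-1]][1] == LEXICON[b[-1]][1]]


def generate(randbelow=secrets.randbelow):
    """Pick one couplet uniformly; return it with its entropy in bits."""
    pool = couplets()
    first, second = pool[randbelow(len(pool))]
    return " ".join(first) + "\n" + " ".join(second), math.log2(len(pool))


if __name__ == "__main__":
    poem, bits = generate()
    print(poem)
    print(f"{bits:.1f} bits of entropy from {len(couplets())} valid couplets")
```

With only 15 words the pool holds 72,600 couplets, about 16 bits, so the output of this toy is not a usable password. The strength comes from the size of the dictionary behind the uniform random choice, not from how unusual the words look.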
The project began when the researchers scientifically evaluated the effectiveness of using random words as a secure password. A common issue with passwords is that security is a product of complexity but complexity hinders memory. The most memorable passwords are typically the least secure ones, something that Ghazvininejad and Knight believe their system overcomes.
Their “poetic passwords” are long, filled with random words that could be arranged in millions of combinations and, crucially, highly memorable. Rhymes have been used throughout history to make it easy to keep a grasp on important common knowledge and are often still used today by students studying and revising.
The passwords can be made even more secure by adding some punctuation, an attribute many sites will require. A comma could be added between lines or the entire phrase wrapped in quotation marks to add another level of complexity, making the phrase even tougher to crack.
The researchers have made their tool publicly accessible. A website set up by the pair lets you enter your email address and have a password poem sent securely to you. Since the media began covering their project, Ghazvininejad and Knight have seen exceptional traffic to their servers and there is currently a waiting time of over 400 hours.
