Published in The Magic Pantry

You might think you have a good password. After all, it’s unique to you, and it contains numbers and punctuation in weird places.

Well, have I got bad news!

# Passwords are Easy to Guess but Hard to Remember

Other people will have a hard time guessing your password. But other people don’t guess passwords. Computers do.

The fastest password-guessing computer that we know of can make about three hundred and fifty billion guesses per second. And that was in 2012, against Windows NTLM hashes, which are fast and unsalted; against a deliberately slow scheme such as bcrypt the rate is thousands of times lower, but you don’t get to choose how a website stores your password, so plan for the worst case. Let’s assume it can make a trillion guesses per second by now.

Making up a password from words and numbers that have meaning to you, perhaps adding some punctuation and scrambling things around, as so many people do, is a really, really bad idea. The computer doesn’t need to know what those words mean to you; it simply tries every common word, name and date with every popular tweak, and yours is on that list. Please stop doing it.

# How to Make a Password Hard to Guess

Guessing passwords is exactly the same thing as guessing numbers.

Don’t believe me? Imagine a list of all possible passwords. Finding your password on the list is the same thing as finding how far through the list it is. Which is a number. QED.

When you choose a bad password, you are effectively choosing a random password from a relatively small list. By which I mean a list with just a few hundred billion different passwords on it: every dictionary word, name and date, with the usual substitutions and punctuation bolted on. That is teeny-tiny by the standards of a computer that can make a trillion guesses per second; it gets through the whole list in well under a second.

How long should the list be if we want it to take an average human lifespan for the computer to guess our password?

## Step 1: Choose a Large Maximum Number

Let’s take the average human lifespan to be seventy-five years. According to NASA (and they know their stuff), there are 365.2422 days in an average year, and 86,400 seconds in a day.

After seventy-five years, our computer should have managed to try half of the passwords on the list if it is going to take that long to guess your password on average. Seventy-five years is 75 × 365.2422 × 86,400, or about 2.37 billion seconds, in which a trillion-guess-per-second computer makes about 2.37 × 10^21 guesses. Doubling that, so that the right guess lands halfway through the list on average, gives about 4.73 × 10^21, and rounding a little, down to the nearest power of two, 2^72, gives an impressively large number:

4,722,366,482,869,645,213,696

## Step 2: Select a Random Number Between 1 and the Maximum

You can choose a random number between 1 and the number above by flipping a coin seventy-two times, so we call it a seventy-two bit number.

Don’t believe me? Set your number to zero. Flip a coin and double your number, then add one only if you got heads. Repeat until you have flipped seventy-two times in all. (Strictly, this gives a number from zero up to one less than the maximum, which is just as good.)

Here’s one I chose earlier: 2094332601996363358145

That would make for a pretty good password. The only trouble is, there’s no way I’m memorising a 22-digit number. Not happening.

# How to Make a Password Easy to Remember

We can make our hard-to-guess random number easy to remember by encoding it with more than just the ten digits.

One way of doing this is by using uppercase and lowercase letters as well as the digits (with a few ambiguous characters like the letter o and the number 0 omitted). Here’s what we get for our random number: 2SpT2paxdqGDE

That’s much shorter; just thirteen characters instead of twenty-two digits long. To a computer, it’s still the same number, and still makes for a pretty good password.

Don’t believe me? Try pasting it into one of them doohickeys that show you the strength of your password, and it’ll go off the scale. Trust me.

There’s just one catch. It’s still hard to remember. Luckily, there’s another encoding we can try…

## Step 3: Encode the Random Number Using Words

I’ve built a list of thousands of simple words, omitting ones that are hard to spell, or which may have several different meanings, or which may be offensive to some people.

A list of 4,096 words (that’s 2^12) lets each word stand for exactly twelve bits of our number, so we can encode the whole seventy-two bit random number using just six words from the list.

Here’s our encoded random number: tripod reach rye cure loft cocoa

To a computer, that’s identical to: 2094332601996363358145

I hope you agree that it’s easier to remember!
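Here is the whole procedure in working code, added here as an illustration; it is not the tool behind secret.kranzky.com. It covers Step 1’s arithmetic (how many bits the secret needs), Step 2’s coin flips alongside a proper random draw, the short letters-and-digits encoding from the previous section, and Step 3’s encoding as six words. Two things are assumptions, because the page does not specify them: the letters-and-digits alphabet is the 58-character one used for Bitcoin addresses (digits and letters minus 0, O, I and l), and the word list is a constructed stand-in of 4,096 consonant-vowel strings, since the page’s real list is not reproduced here.

```python
import math
import secrets

# Step 1: the attacker model used on the page.
GUESSES_PER_SECOND = 10**12      # the page's "a trillion guesses per second"
DAYS_PER_YEAR = 365.2422         # NASA's figure, as quoted on the page
SECONDS_PER_DAY = 86_400


def bits_for_lifetime(years=75, rate=GUESSES_PER_SECOND):
    """Bits the secret needs so guessing it takes `years` on average.

    On average the attacker tries half the list, so the list must hold
    twice the guesses made in `years`. The page rounds the result "a
    little"; round() to the nearest whole bit does the same here.
    """
    guesses = years * DAYS_PER_YEAR * SECONDS_PER_DAY * rate
    return round(math.log2(2 * guesses))


# Step 2: a uniformly random number of that many bits.
def random_number(bits=72):
    """Draw from 0 .. 2**bits - 1 using the OS CSPRNG (never the random module)."""
    return secrets.randbits(bits)


def coin_flip_number(flips):
    """The page's coin-flip procedure: 'H' doubles and adds one, 'T' only doubles.

    `flips` is a string such as 'HTTH...'; 72 flips give a 72-bit number.
    """
    n = 0
    for flip in flips:
        n = n * 2 + (1 if flip == "H" else 0)
    return n


# Encoding 1: digits plus letters with ambiguous characters removed.
# Assumption: the Bitcoin base58 alphabet (no 0, O, I or l). The page does
# not say exactly which characters its own encoding drops.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def encode_alphabet(n, alphabet=ALPHABET):
    """Write n in base len(alphabet), most significant symbol first."""
    base = len(alphabet)
    if n == 0:
        return alphabet[0]
    out = []
    while n:
        n, digit = divmod(n, base)
        out.append(alphabet[digit])
    return "".join(reversed(out))


def decode_alphabet(text, alphabet=ALPHABET):
    """Inverse of encode_alphabet."""
    base = len(alphabet)
    n = 0
    for ch in text:
        n = n * base + alphabet.index(ch)
    return n


# Step 3: encode as words. Twelve bits per word means a list of 2**12 = 4096
# words, and 6 * 12 = 72 bits. The page's real list is not reproduced here;
# this stand-in is constructed from consonant-vowel pairs so the example runs
# offline (the words are pronounceable but meaningless).
WORD_BITS = 12
WORDS_PER_SECRET = 6


def make_wordlist():
    consonants = "bdfghjklmnprstvz"   # 16 of them
    vowels = "aeiou"                  # 5, so 16*5*16*5 = 6400 candidates
    words = [c1 + v1 + c2 + v2
             for c1 in consonants for v1 in vowels
             for c2 in consonants for v2 in vowels]
    return words[: 2 ** WORD_BITS]     # keep exactly 4096


WORDLIST = make_wordlist()
WORD_INDEX = {w: i for i, w in enumerate(WORDLIST)}


def encode_words(n, wordlist=WORDLIST):
    """Split n into 12-bit chunks, most significant first, one word per chunk."""
    if not 0 <= n < 2 ** (WORD_BITS * WORDS_PER_SECRET):
        raise ValueError("number does not fit in six 12-bit words")
    mask = (1 << WORD_BITS) - 1
    chunks = [(n >> (WORD_BITS * i)) & mask
              for i in reversed(range(WORDS_PER_SECRET))]
    return " ".join(wordlist[c] for c in chunks)


def decode_words(phrase, index=WORD_INDEX):
    """Inverse of encode_words: look each word up and reassemble the bits."""
    n = 0
    for word in phrase.split():
        n = (n << WORD_BITS) | index[word]
    return n


if __name__ == "__main__":
    print("bits needed:", bits_for_lifetime())
    n = random_number(72)
    print(n, encode_alphabet(n), encode_words(n), sep="\n")
```

Running it prints the bit count, a fresh random number, and that number in both encodings; `decode_alphabet` and `decode_words` turn either form back into the number, which is the sense in which, to a computer, all three are identical. The draw uses `secrets`, never the `random` module, because the latter is predictable and unsuitable for secrets.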

## Step 4: Commit the Encoded Number to Memory

To remember these six words, start by dividing them into three pairs:

• tripod reach
• rye cure
• loft cocoa

Next, imagine walking through the front door of your home, and make up a funny story that places these three pairs of words in that physical space as you move through it, using a sequence of three sentences. Like this:

Opening the door I saw a tripod which I had to reach down to pick up. Then I entered the kitchen to pour a glass of rye to cure the pain in my feet. I slumped to the sofa wishing I had a loft so I could hide away with a cup of cocoa instead!

Do you think you can remember this secret, without writing it down or modifying it in any way (both of which would make it less secure)? Great!

Let’s recap what we’ve learned so far.

1. First, choose a large maximum number: one that a trillion-guess-per-second computer would take a lifetime to count up to.
2. Next, pick a random number between 1 and that maximum, for example by flipping a coin seventy-two times.
3. Then encode that large number as a short sequence of simple words.
4. Finally, memorise the words by associating an amusing story with something you remember well: walking through your home. You’re done!

To make this even easier, please visit secret.kranzky.com, where you will find an interface for doing all of this, and more!

Now that you can memorise a random 72-bit number, you should use it to protect a master list of all of your other passwords and private information.

You can do this with a password manager. I like to use LastPass, but there are several other great solutions, like DashLane and 1Password.

If you’re not sure how to get all this set up, ask someone who is good with computers. You’ll know you’ve asked the right person when their eyes light up when you say “password manager”.

So, in short:

1. Keep all of your other passwords and private information in a password manager.
2. Protect this with an unguessable secret that you’ve memorised.

And, just in case…

Never choose tripod reach rye cure loft cocoa as your secret! It’s mine!

(joking)

(but seriously never choose it; generate your own)


The Magic Pantry: The Online Weblog of Lloyd Kranzky

Jason Hutchens: Procrastinating perfectionist.