Creating a Secure Password: So Easy a 12-Year-Old Can Do It

If you’re worried about hackers, you can always think up a super-secure password on your own.

A safer bet, though, would be to write a poem. Or better yet, consult a 12-year-old.

These are two methods of generating passwords that are making headlines.

Rhymes and Randomness

We all know that one of the best ways to protect ourselves against a cyber-attack is with a safe password. But how to get one?

Researchers at the University of Southern California came up with an answer. They created a computer program for creating passwords that are hard to crack but easy to remember. The trick? Their system randomly generates poems in iambic tetrameter, like: “Australia juggernaut employed the Daniel Lincoln asteroid.”

Meanwhile, a New York City 11-year-old is tackling the same problem in a different way. The sixth grader rolls ordinary playing dice to generate six-word passphrases, which she sells for $2 a pop. She’s been so successful she’s started her own business.

“This whole concept of making your own passwords and being super secure and stuff, I don’t think my friends understand that, but I think it’s cool,” young entrepreneur Mira Modi says in this article.

Shakespeare as Security Consultant

Our brains are wired to easily store and recall information in verse. That’s why nursery rhymes are so appealing to small children and growing brains. This tendency continues throughout our life. We may have trouble remembering our online banking password but we will always know what comes after “Hickory dickory dock.”

The USC professors used this concept to develop their poem-password generator.  The only drawback: some websites don’t allow lengthy passwords.

And dice-generated passwords are nothing new. For decades, computer experts have recognized the value of rolling dice to produce a series of numbers, which are then matched to a list of English words. The result: a word string (“ample banal bias delta gist latex”) that is truly random and difficult to decipher.

The website Diceware sells password this way.

The New York middle-school mastermind wanted in on the action. She got a set of dice, a pencil and a dictionary with half a million words. And voila! She was in business. She even has her own website, where she promises safe delivery of your new, unhackable password: “The passwords are sent by US Postal Mail which cannot be opened by the government without a search warrant.”

11 Smart Password Tips

1. Never give out your password to anyone.
2. Don’t just use one password.
3. Create passwords that are easy to remember but hard toguess.
4. Remember that hackers have software that can try trillions of password combinations in seconds.
5. Make your password at least eight characters long.
6.  Don’t post it in plain sight.
7. Consider using a password manager like RoboForm or Lastpass.
8. Consider multi-factor authentication.
9. Don’t fall for “phishing” attacks.
10. Make sure your devices are secure.
11. Use a “password” or fingerprints for your phone too. 

Got any other tips for passwords? War stories to share? Drop us a comment, we’d love to hear from you.

Sources:

• Ars Technica http://arstechnica.com/business/2015/10/this-11-year-old-is-selling-cryptographically-secure-passwords-for-2-each/
• Diceware http://www.dicewarepasswords.com/
• ABA Journal http://www.abajournal.com/news/article/want_a_great_password_use_iambic_tetrameter_and_computer_rhyming_program_re
• Connect Safely http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/

Jay Reeves a/k/a The Risk Man practiced law in North Carolina and South Carolina. He is a former Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual.