“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”
“Passwords are a literary genre almost too tiny to read, a banal compression of intimacies, a secret we share with distant servers.”
Passwords are the bane of all computer users, even geeks like me. We all understand how important they are, but humans are just not very good at remembering arbitrary, uncontexted, detailed pieces of information.
The human memory does not work like a video recorder constantly on record. If I ask you to remember going to the beach with your mother, you don’t rewind your tape back to being a child, find the time you were stood on sand with your parents and press play. You have malleable translucent pictures for things such as ‘beach’, ‘sand’, ‘sunny’, ‘childhood’, ‘mummy’, ‘play’, ‘happy’ and dozens of others and you put them all on top of one another in your head and recreate the memory. This is actually reasonably new news; certainly discovered since passwords became a fundamental requirement of modern living.
The very act of recalling a memory actually alters the memory itself, leading to the ability to ‘hack’ people’s brains and implant fake memories! But that’s another post.
So how can we use this knowledge to help us remember passwords? There are big ideas from Facebook, Microsoft and others but they’re not going to help you today. To demonstrate that, let me tell you the password for my bank account:
“Douglas Adams is my favourite author. Every time I read The Hitchhiker’s Guide to the Galaxy I love it more.”
Now, I could type that out, character for character, 1000 times, which would make it a fantastic password. It would take 150 trigintillion (150 x 1093) years for a computer to guess that correctly one character at a time. “Ahhh”, I hear some of you say, “but those are real words. You shouldn’t use real words in a password.” Yes. True. But that sentence is so complex that it would still take a computer an amount of time greater than humans have existed to guess it one word at a time.
Unfortunately, my bank won’t let me use something 109 characters long as my password – that would be too sensible and secure – so I have to get it down to their arbitrary requirements. All I do is take the first letter of each word, as it’s typed above.
“DAimfa. EtirTH’sGttGIlim.”
Now that password used no dictionary words, and would take 172 x 1054 (172,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000) years for a computer to crack. Perfectly secure1
And all I have to remember is who my favourite author is, and why.
1I actually take it a stage further and swap out some phonetics for symbols; ‘favourite’ becomes ‘f@’, ‘to’ becomes ‘2’, ‘more’ becomes ‘>’.
So the password to my bank is:
“DAimf@a. EtirTH’sG2tGIli>.”