
Better Passwords Made Easy

By Peter Piazza

By now, everyone knows what a bad password is: your name, your child's name, your pet's name, your birthday. But what does a good password--which must be both hard to break and easily remembered--look like? A group of scientists from Cambridge University Computer Laboratory says it might be this: MsPi24yo. While that's a hard-to-break combination of numbers and upper- and lower-case letters, it is actually quite simple to recall because it is a mnemonic phrase that stands for "My sister Pam is 24 years old." That use of mnemonic phraseology is the key to good codes, according to "The Memorability and Security of Passwords--Some Empirical Results."

In the study, 288 students were randomly allocated different types of passwords. Some just chose their own passwords (at least seven characters long and including at least one non-letter; the researchers refer to this as "naively" selecting passwords). Others chose eight letters and numbers at random and were asked to memorize them. The last group was given mnemonic passwords.

By monitoring the number of times the students requested that their passwords be reset by system administrators, the researchers found that mnemonic passwords were just as easy to remember as "naively selected" passwords. And by attacking the passwords with password-cracking tools, they confirmed their belief that mnemonic passwords were far less likely to be compromised by an attacker than passwords chosen by the students.
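The contrast the study draws can be seen in a short audit sketch. This is an added example, not code from the article or the study: the function names and the tiny wordlist are constructed for illustration, and the first-letter derivation rule is an assumption inferred from the single MsPi24yo example above.

```python
import re

# Constructed sample wordlist; a real audit would load a much larger
# dictionary of names and common words.
WORDLIST = {"pamela", "sister", "password", "rover", "peter"}


def mnemonic_password(phrase):
    """Take the first character of each word; keep numbers whole (assumed rule)."""
    tokens = re.findall(r"[A-Za-z]+|\d+", phrase)
    return "".join(t if t.isdigit() else t[0] for t in tokens)


def meets_study_policy(pw):
    """Rule given to the self-selecting group: at least seven characters,
    including at least one non-letter."""
    return len(pw) >= 7 and any(not c.isalpha() for c in pw)


def dictionary_based(pw, wordlist=WORDLIST):
    """True if the password is a wordlist entry with only non-letters
    prepended or appended, the pattern that word-plus-suffix guessing covers."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    return core in wordlist


def audit(pw):
    """Report whether a password passes the policy and whether it is word-derived."""
    return {
        "policy_ok": meets_study_policy(pw),
        "dictionary_based": dictionary_based(pw),
    }


if __name__ == "__main__":
    derived = mnemonic_password("My sister Pam is 24 years old.")
    # "Pamela1" and "rover" are constructed examples of self-chosen passwords.
    for candidate in (derived, "Pamela1", "rover"):
        print(candidate, audit(candidate))
```

A name with a digit appended passes the length and non-letter rule yet is still flagged as word-derived, while the mnemonic password passes the rule and matches no wordlist entry.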

@ Read more about strong and easy-to-remember passwords at SM Online.
