Making Memorable Passwords
A short missive on strong, memorable passwords, mainly centered around the method I use to generate them when a password manager is not available.
By: TheHans255
7/7/2022
Let me start off by saying that if you can use a good password manager to store and input your password, you should - a securely generated, unique password that you can copy and paste is going to be better than anything you can remember or type. Also, whenever you can, you should use good two-factor authentication (ideally physical security keys, though authenticator apps are pretty good too).
Now, with that disclaimer out of the way, here's a fun way to make good, memorable passwords! This is the method that I personally use to generate a password when I can't copy and paste from a password manager, such as on my computer's login screen.
Overview
If you just want the quick steps of how I make good passwords, here you go:
- Using a secure random source, generate approximately 6 letters and 4 digits. I wrote an app to do this quickly, but you can also use dice for something similar - two different-colored D6s have 36 possibilities, which you can use to pick either an English letter or a base-10 digit. This step is the source of the password's strength.
- Example 1: Letters: "G F S H S W", Numbers: "1 0 4 6"
- Example 2: Letters: "Q B Z C C I", Numbers: "9 3 0 6"
- Use the letters and digits to make a sentence. While being sure to keep the letters in order, expand them to make words and syllables. Insert the digits where they make sense to you. Add symbols if and where they make sense. Capitalize words, add particles, whatever you need for a complete sentence - your intuition is the source of the password's memorability.
- Example 1: "Saying 1046: Great Food Shifts Stubborn Wars"
- Example 2: "Quickly Bounce 9306 Zebras to Cincinatti"
- Double-check that your password is not on a list of breached passwords (such as the one on HaveIBeenPwned). This should almost never happen, since you're freshly generating the password, but do this just in case.
- You're done! If you need to, practice typing the password a few times until you get the hang of it - these passwords tend to be long and it's easier to make mistakes. Practice on all the devices you expect to be typing this password, especially both a physical keyboard and the touch keyboard you'd find on a phone or tablet.
Now that I've gone over that, how does this method work, and how good is it?
Entropy
The key to all good password generation is entropy. In general, entropy is the measure of the amount of chaos in a system, the freedom of possibility that the energy or matter can be freely arranged in. Within password generation specifically, entropy is a measure of the total number of possibilities your password can have provided that everyone knows how you generated it (we take this assumption as a minimum, since the amount of potential entropy is much higher if you also have to guess how the password is generated). Because the two concepts are related, entropy is typically measured in bits, refering to the number of binary digits needed to recreate that number of possibilities - for instance, saying that a password has "32 bits of entropy" means that its generation method could generate approximately 232, or about 4.29 billion possibilities.
Entropy is important because passwords are most often broken by being guessed. Any website or service with even the most basic security posture will store your passwords as hashes, which means that it is extremely computationally difficult to figure out what your password was just by reading the hash, but it is very easy to confirm that your password is correct when you enter it again. Therefore, when a password database is breached and the hashes are exposed, hackers will try millions or even billions of passwords per second on the hashes they find in order to look for matches - and the more possible combinations there are, the longer this will take. This is the source of HiveSystem's Password Table:
The HiveSystems.io Password Table, which shows the time it takes to crack a password given its MD5 hash. MD5 is used here because it is the weakest commonly used hash and users often reuse passwords between websites.
Entropy factors into our solution in three places: the entropy provided by the random number source, the entropy sampled by our letter and digit selection process, and the entropy (or lack thereof) provided by the human brain in the intuition process.
The Entropy Source
Human brains are remarkably bad at coming up with random data - if you ask a human, for instance, to make up a series of random coin flips, the coin will alternate between heads and tails far more often than it should. In general, our "random generation" process is overly concerned with making every result we predict look different from the results that came before, and that can result in remarkably predictable results when we put together numbers and letters.
Therefore, every good password generation process comes with a source of true entropy - a process that can be called upon indefinitely for uniform, independent random events. A balanced coin or dice, properly thrown, is great for this, as each coin toss or dice throw is equally likely to come up with any of the given results (heads/tails, or 1-6 respectively) independent of all of the throws that came before it (excluding neglegible wear and tear).
Other good sources of entropy are the input/output devices in a personal computer. During our day-to-day work, there are many slight variations in how our devices are used - the amount of time it takes a hard drive to seek to its required position, for example, or the millisecond differences in between each of our key presses. Modern computers capture these minute sources of entropy and provide a system API for true random numbers - Linux exposes the getrandom()
system call, while Windows exposes the BCryptGenRandom
call as part of its cryptography APIs. Many programming languages provide cryptographic libraries to access these sources of randomness - for instance, while Math.random()
in JavaScript is not connected to these APIs, the Crypto.getRandomValues()
call is.
For even more security critical applications, you can use dedicated random devices to gets lots of entropy. The random number website RANDOM.ORG uses a set of radios tuned to atmospheric noise, essentially using the entropy originally generated by the Big Bang. Web hosting platform CloudFlare famously uses lava lamps to generate its security encryption keys.
The example generation app I wrote uses the second method, via the Crypto.getRandomValues()
call.
The Sampling Method
Once we have the random source, it's time to get some letters and digits out of it!
Let's start with the dice method. In the English alphabet, there are exactly 26 letters and 10 digits, which corresponds exactly to the 36 possibilities between two differently colored 6-sided dice. We can construct a table of letters and digits for each result:
First Dice | |||||||
1 | 2 | 3 | 4 | 5 | 6 | ||
Second Dice |
1 | A | B | C | D | E | F |
2 | G | H | I | J | K | L | |
3 | M | N | O | P | Q | R | |
4 | S | T | U | V | W | X | |
5 | Y | Z | 0 | 7 | 8 | 9 | |
6 | 1 | 2 | 3 | 4 | 5 | 6 |
If you use the numbers and letters exactly in the order you produce them, then each new roll multiplies the total number of possibilities by 36. Repeating this ten times, we end up with 3610 or 3.6 quadrillion total possibilities, or about 52 bits of entropy from this method. However, because we allow the digits to be placed anywhere in the password, we divide the total number of possibilities by the total number of letters plus 1 for each number - for instance, with 6 letters and 4 numbers, we divide our possibilities by 1296, losing about 10 bits of entropy.
As for the app's method, we explicitly generate a set of letters and a set of numbers, using the random bits from Crypto.getRandomValues()
. Getting six letters and four numbers gives us 266 × 104 or about 3.1 trillion total possibilities, granting us 41 bits of entropy.
The Human Brain
As stated at the beginning, the human brain is terrible at generating random values, since it tends to base new values on earlier values in the sequence. Hence, in this password generation method, we use the brain not to add randomness, but to add intuition and make the password memorable. The method still retains the same amount of password entropy even if the brain looks at a given sequence of letters and generates the exact same final password every time.
However, in practice, the condition of the human brain can vary greatly day by day and throughout the same day, so at least a few additional bits of entropy are possible. For instance, given the letters "U G R K X I", some of the many possibilities for the first two letters include "Ugly", "Usury Grants", "Ursa the Great", or "Useless Gold". If you are equally likely to come up with any of these four possibilities on a given day, then your brain is adding 2 bits of entropy to the password.
And on top of this, of course, is that there are myriad possibilities for how the human brain in general might expand these strings of letters. Even if we only assume about 50 possible words for each letter we could generate (which is conservative, though reasonable, as we are limited on the parts of speech we can use), each letter adds an additional 5.6 bits of entropy against any attacker who only knows that we use this method and does not know us very well, bringing our 41 bit estimate for 6 letters and 4 digits to 75 bits of entropy. To get around this, a hacker would need to learn more about us personally, and the effectiveness of social engineering means that this is not a new threat.
How Good Is It?
Admittedly, according to the HiveSystems benchmarks, using our generated letters and digits as a password directly performs miserably on the general Internet. Modern graphics cards, such as the NVidia RTX 3090, are capable of churning through 69.379 billion MD5 hashes per second, which means that our estimated 41 bits of entropy for 6 digits and 4 numbers will get chewed through in just a few seconds. Allowing the letters and digits to generate interchangeably (as in the dice method) and insisting on their interspersed order and variability gets us up to 52 bits of entropy, which only brings the lifetime up to an hour and a half.
We do have the part of the password process where your brain expands the letters into full sentences. Any simple password strength meter will tell you that these passwords perform astronomically well, but they don't know that most of that expansion comes from our brains instead of a truly random source. If the attacker does not know personally how we would expand the letters and we can assume about 50 independent possibilities for each, we have 75 bits of entropy, which would cause the passwords to last over 2000 years under current metrics. We cannot, however, safely assume this, bringing us back to the 41 bit estimates from earlier.
There is, however, one caveat: I state that I only use these passwords in environments where a password manager is not available, which primarily include the password for the password manager itself, the login screens for my OSes, and the encryption passwords for my hard drives. And fortunately, the hashing function for these is far stronger than MD5.
HiveSystems also has benchmark data for how well modern hardware does at hashing bcrypt
, a much stronger hash that is more closely related to how Linux and Windows hash their user passwords. It states that an RTX 3090 is only capable of hashing about 96,662 hashes per second, meaning that even our worst case scenario of 6 letters, 4 numbers, and fully deterministic expansion (with 41 bits of entropy) will still last about 15 trillion years under such an attack. And if your attacker calls upon the cloud, pooling together millions of RTX 3090s to hash your password, it will still take millions of years.
Of course, though, at the end of the day, all of this should be compared to the kinds of passwords a password manager is capable of. If you get a password manager to generate a password that includes capital letters, lowercase letters, digits, and the symbols ,.<>/?;:!@#$%^&*()-_+=[]{}\|`~
in equal frequency, then each character provides 6.5 bits of entropy. 7 characters easily beats our worst-case scenario of 41 bits, and 12 characters beats our assumed best-case scenario of 75 bits. And since most websites and services can accept passwords of 20 characters or more, a fully randomly generated password can easily beat anything you can memorize.
So if you can use a password manager, use a password manager. This is just the sort of thing that comes in handy when a password manager doesn't.
Appendix: More Examples
Letters | Numbers | Final Password |
---|---|---|
I H K L L O | 9655 | 9655 Ill Hunks of Keratin Live in the Land of Oz |
O W A L L J | 6866 | On 6866 Willow Avenue, a Lazy Llama Jams |
Z Y F Y Y W | 6547 | Zebras Yearn for your Yearly Weeping - 6547 |
T E J S I Y | 7615 | 76 Tense Joneses In Your 15 Darkest Nightmares |
W K C A U T | 1484 | 1484 Wicker Kats Can Audit Your Toast |