Passwords have become a mighty irritant in daily life, peppering our days randomly with fear and frustration for reasons everyone has experienced. The chart of data, above, sourced from HowSecureIsMyPassword.net, shows just how quickly a hacker can brute-force various kinds of passwords, especially the weak grandkid’s-names-type that many people think up and re-use over. Type your passwords into HowSecureIsMyPassword.net‘s evaluator tool and you’ll see just how crappy your passwords may be.
The full-of-treasures Recomendo newsletter offered a solution devised by brilliant Window’s educator Jason Fossen as passed on by a reader:
Pass phrases are the new passwords and if long enough are virtually unbreakable at this point. Even without special characters. Your favorite passage from an obscure book is a good starting place. My pass phrases are about 40-50 characters each.
Lots of possibilities here! So, we tried it, typing in some evocative hunks into HowSecureIsMyPassword.net‘s evaluator tool,
A favorite haiku-ish poem from W.S. Merwin has 44 characters with no spaces, 53 with:
How time disappears
while we live under
the big tree.
We started typing it with no spaces and discovered that it would take a computer about 23 million years to crack just “whentimedisappears“
It would take only one year to crack “underabigtree” but 2 hundred million years to crack “under a big tree”; spaces definitely up the power.
The entire 53-character poem with spaces would take 1 unvigintillion years…That is, 1000000000000000000000000000000000000000000000000000000000000000000 years.
It would take a computer 1 quadrillion (1,000,000,000,000,000) years to crack Marcus Aurelius’ sublime 19-character
It loved to happen.
Double it, without spaces for easy typing, and it would take a computer 85,000,000,000,000,000,000,000 years (85 septillion).
Then we stumbled on these words in a post we wrote about artist Ann Hamilton:
How can words be an act of making?
Hamilton’s wonderful 34-character question would take 9 tredecillion years — 9,000,000,000,000,000,000,000,000,000,000,000,000,000,000 —to hack.
It seems that the personal kinds of poetry our normal brains can hold onto may well defy the robots…
One thought on “A Password Strategy That Employs Poetry and Prose”
I love this, and it’s not dissimilar to my own strategy, which is to treat a quote or line from a poem like a headline, capitalising those letters that would be capitalised in an article heading. So for instance APasswordStrategyThatEmploysProse
It works double time as reminder to reframe one’s thoughts at the start of the work day is well chosen.