Easy to remember but difficult to guess, the ideal password doesn’t quite rise to the level of paradox, but it does imply a delicate balancing act between catchiness and chaos.
Good news for cybersecurity! A group of people has been walking that line since time immemorial: poets. Now researchers from the University of Southern California’s department of computer science recommend that you mantle your data in impenetrable mystery by choosing a couplet of iambic tetrameter as your password.
Most user-generated passwords are “memorable but not secure,” write study authors Marjan Ghazvinienjad and Kevin Knight. In a world where some commercially available programs can test 2,800,000,000 passwords per second on a standard desktop, it’s much safer to use a “random, computer-generated 60-bit string” as your key than a meaningful sequence of terms. Once you’ve got your 60 random bits (zeroes and ones), there are several ways to convert them into language. You can map particular combinations onto particular letters to spell words or phrases. Or you can arbitrarily assign a chunk of bits to represent a noun like “horse” or “battery.” (This last approach was first endorsed by the comic strip Xkcd—the researchers call it the “Xkcd method.”)
At this point in your password creation journey, you probably have a lot of gibberish, like “fees Wesley inmate decentralization” or “it makes me think of union pacific resource said it looks like most commercial network.” (Those two statements were proffered as examples in the paper.) Such lines are definitely scattershot enough to work as passwords. But how are you supposed to remember them?
By tapping into the mnemonic properties of meter and rhyme. The researchers trained their bit-translation program to spit out couplets of rhyming iambic tetrameter. That is, each password emerged as a pair of eight-syllable lines shaped by a structure of alternating short and long stresses. Think little verse snippets such as “Surprise celebrity without/ the dragging Allison throughout” and “Diversity inside replied/ retreats or colors justified.” Will such mini-poems make it onto the syllabus of a nearby college English course? Probably not. But they did stick in peoples’ memories two days after the unrhymed, unmetered passwords vanished.
As scholars from John Miles Foley to Walter J. Ong have documented, bards working within an oral tradition committed huge swathes of poetry to memory by giving their narratives a fixed and distinct rhythm. There’s something delightful in computer users borrowing this ancient technique to unlock their data, especially when you realize that, in Homeric times, rhyme and meter qualified as technologies: helpful tools for getting things done. On the other hand, Ghazvinienjad and Knight define iambic meter in a binary code-inspired way that, for me at least, brought home how weird this development is. “Syllables have the stress pattern 01010101, where 0 represents an unstressed syllable, and 1 represents a stressed syllable,” they explain. So you could render the first line of Titania’s lullaby from A Midsummer Night’s Dream—“you spotted snakes with double tongue”—as “01010101,” same as “Surprise celebrity without” or “They fuck you up, your mom and dad.” This has always been the case! We’ve always used a system of symbols to notate rhythm and meter in verse. And yet talking about any formal stricture in the context of computers has the uncanny power to make a normal poetic rule feel like the End of Artistic Individuality Forever.
Maybe it’s comforting to realize that we’ll always need originality and unpredictability, whether it’s to craft immortal literature or simply prevent our passwords from being hacked. The play of freedom and discipline will never not prove essential to art. Now, as this latest paper demonstrates, we’ve even embedded the conflict in our everyday online behavior, in something as seemingly inexpressive as a string of zeros and ones.