{"id":4955,"date":"2014-10-22T07:03:42","date_gmt":"2014-10-22T11:03:42","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=4955"},"modified":"2020-02-26T15:10:31","modified_gmt":"2020-02-26T15:10:31","slug":"remember-strong-passwords","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/remember-strong-passwords\/4955\/","title":{"rendered":"How to Remember Strong, Unique Passwords"},"content":{"rendered":"<p>It\u2019s 2014, Lockheed Martin recently announced that it is making real progress toward developing a compact nuclear fusion reactor capable of providing unimaginably vast supplies of energy in exchange for a couple handfuls of clean, somewhat easily available fuel. And yet, we\u2019re still stuck memorizing ever-longer <a href=\"https:\/\/www.kaspersky.com\/blog\/21st-century-passwords\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">lists of passwords<\/a> like it\u2019s 1999. If we\u2019re going to rely on an ancient authenticator for future technology, then we might as well come up with a solid way to remember our passwords, which is exactly what our friends at <a href=\"https:\/\/www.kaspersky.com\/blog\/video-2-privacy-and-bad-bargains\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Carnegie Mellon<\/a> University\u2019s computer science department have done.<\/p>\n<p class=\"zw-paragraph\" style=\"color: #000000\">\n<\/p><p class=\"zw-paragraph\"><span class=\"zw-portion\">Unfortunately, it turns out that remembering long lists of complicated\u00a0<\/span><a style=\"color: blue\" title=\"\" href=\"https:\/\/www.kaspersky.com\/blog\/heartbeat-authentication\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><span class=\"zw-portion link\" style=\"color: #000080\">passwords<\/span><\/a><span class=\"zw-portion\">\u00a0requires us to do something that no one likes: study. 
According to research developed by Jeremiah Blocki, Saranga Komanduri, Lorrie Cranor and Anupam Datta, a system of spaced repetition paired with <a href=\"http:\/\/en.wikipedia.org\/wiki\/Mnemonic\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">mnemonics<\/a> increases the likelihood that users will remember their passwords over long periods of time.<\/span><\/p>\n<p class=\"zw-paragraph\"><span class=\"zw-portion\">The password construction element of this is similar to a certain\u00a0<\/span><a style=\"color: blue\" title=\"\" href=\"http:\/\/xkcd.com\/936\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><span class=\"zw-portion link\" style=\"color: #000080\">XKCD comic about password strength<\/span><\/a><span class=\"zw-portion\">, which is to say, think sentences rather than words:<\/span><\/p>\n<p class=\"zw-paragraph\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/10\/05200035\/password_strength.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4959\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/10\/05200035\/password_strength.jpg\" alt=\"password_strength\" width=\"740\" height=\"601\"><\/a><\/p>\n<p>The participants in the Carnegie Mellon study were made to choose a person from a drop-down menu and were then assigned a machine-generated random action and object pair. This method is known as a person-action-object (PAO) story. So you get something like this: \u201cMaster Yoda dropping a microphone.\u201d<\/p>\n<p>The mnemonic device at play here is that the participants in the study were also shown a picture of a setting in which to imagine their person-action-object story occurring. Let\u2019s say that the picture associated with our story is of an underwater laboratory. 
In this way we end up with a sentence like \u201cMaster Yoda dropping a microphone in an underwater laboratory\u201d.<\/p>\n<p>So you have 6 words, and the password you can construct from these words is strong enough; you can check it on our <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Secure Password Check page<\/a>. The point of the mnemonic technique is that you don\u2019t have to remember the whole sentence.<\/p>\n<p>In this study, participants were prompted with a scene and person pair (Master Yoda in an underwater laboratory) and made to perform a rehearsal routine to recall the action and object at a set number of spaced intervals over a period of 100 or so days. The specific intervals for these rehearsal rituals and the number of passwords (either one, two or four) a given user was expected to recall varied from one trial group to the next.<\/p>\n<p>The users with the best results were those that initially rehearsed after 12 hours and then in 12\u00d71.5 hour increasing intervals (0.5 days, 1.75 days, 4.15 days, 8.15 days, 14.65 days, 24.65 days, 40.65 days, 64.65 days and 101.65 days). In that group, 77.1 percent of the participants successfully recalled all 4 stories in 9 tests over a period of 102 days.<\/p>\n<p>I reached out to Blocki and asked if he was surprised by the results.<\/p>\n<p>\u201cI suppose you could say that I was a little bit surprised,\u201d he said. 
\u201cIf you had forced me to guess which condition would yield the best results before the study I probably would have guessed that the 30minX2, though I would not have been entirely confident. Yes, the 12hrX1.5 group had a longer initial rehearsal interval. However, the intervals between successive rehearsals did not increase quite as quickly as they did in the 30minX2 condition. The results indicate that the spacing of rehearsals is significant (not just the total number of prior rehearsals).\u201d<\/p>\n<p>Incidentally, most of the forgetting happened in that first 12 hour period. Some 94.9 percent of participants who remembered stories in the early rounds continued to remember them in subsequent rounds. Not surprisingly, the recall rate for participants asked to remember one or two stories was substantially better than those that were asked to remember four stories.<\/p>\n<p>There is a lot going on in this study, titled \u201c<a href=\"http:\/\/arxiv.org\/pdf\/1410.1490v1.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords<\/a>,\u201d [PDF]. Feel free to wade through it on your own, but there\u2019s a lot of spooky math problems going on in there.<\/p>\n<p>So what did we learn today? First of all we learned it\u2019s easier to remember fewer passwords. 
Which is probably why nearly everyone uses the same password across multiple accounts \u2013 despite knowing that password sharing is a bad idea.<\/p>\n<p class=\"spacer-para\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/10\/05200033\/1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-4967 size-large\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2014\/10\/05200033\/1-1024x768.png\" alt=\"1\" width=\"1024\" height=\"768\"><\/a><\/p>\n<p>But there is\u00a0good news: you can improve your passwords using relatively easy mnemonic techniques:<\/p>\n<ul>\n<li>Create story passwords that you can associate with a picture.<\/li>\n<li>Avoid password sharing where possible.<\/li>\n<li>Study your passwords early and often.<\/li>\n<\/ul>\n<p>And may the <a href=\"https:\/\/www.kaspersky.com\/advert\/free-trials\/multi-device-security?redef=1&amp;THRU&amp;reseller=blog_en-global\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">force be with you.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s 2014, Lockheed Martin recently announced that it is making real progress toward developing a compact nuclear fusion reactor capable of providing unimaginably vast supplies of energy in exchange 
for<\/p>\n","protected":false},"author":42,"featured_media":4956,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[359,187,709,97],"class_list":{"0":"post-4955","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-authentication","10":"tag-passwords","11":"tag-research","12":"tag-security-2"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/remember-strong-passwords\/4955\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/remember-strong-passwords\/4267\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/remember-strong-passwords\/4184\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/remember-strong-passwords\/4703\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/remember-strong-passwords\/6386\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/remember-strong-passwords\/5165\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/remember-strong-passwords\/6386\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/remember-strong-passwords\/6386\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/authentication\/","name":"Authentication"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=4955"}],"version-history":[{"count":5,"href":"https:\/\/w
ww.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4955\/revisions"}],"predecessor-version":[{"id":19144,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4955\/revisions\/19144"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/4956"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=4955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=4955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=4955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}