Password security is a common problem that businesses that take their cybersecurity seriously have to deal with on a regular basis. Passwords need to be complex and difficult to guess, but easy to remember at the same time. Unfortunately, these two goals don’t go hand-in-hand, and as such, users often have to sacrifice one for the other. The “passpoem” is a concept born to resolve this issue, though it takes a fairly roundabout path to get there.
It’s clear that the average PC user won’t choose passwords that are as secure as they should be, primarily because users will prioritize ease-of-remembrance as one of the best qualities of a password. As explained in an essay from the University of Southern California, written by Marjan Ghazvininejad and Kevin Knight, it’s best to use randomly generated 60-bit strings (basically, a series of 60 ones and zeros), and convert these strings into words or phrases.
This concept is based on an XKCD comic that depicts the pains of remembering complex passwords. The idea behind the comic is that you can take a string of ones and zeros, like 10101101010100101101010101010, and convert segments of the string into English words. For example, the above string would read, “correct horse battery staple,” which is ridiculous and doesn’t make any logical sense. However, if used as a password, users can create a mental image or a story to associate with the password, helping them remember it.
Ghazvininejad and Knight suggest that, unlike the 44-bit string in the above example, users should opt for a 60-bit string, and give the password a poem-like structure. Doing so could make the password easier to remember. Put simply, the idea is to make the password as easy to remember as possible for the user, while making it extraordinarily difficult for a computer to guess. By today’s standards, the 44-bit string would take around an hour to crack, while a 60-bit string would take well over a decade. That’s the kind of password security that your organization wants.
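The bits-to-words conversion described above can be sketched in a few lines of Python. This is an added example, not code from the article or from Ghazvininejad and Knight's essay, and it shows only the plain fixed-width mapping (one word per 11-bit segment), not their poem generator. The syllable word list is a constructed stand-in for a real 2048-word dictionary, and all function names are assumptions of the example.

```python
import secrets

# Constructed stand-in word list (an assumption of this example): 16 onsets x
# 8 vowels x 16 codas = 2048 distinct syllables, so one word encodes 11 bits.
# In practice a published 2048-word dictionary would take its place.
ONSETS = list("bdfghjklmnprstvz")
VOWELS = ["a", "e", "i", "o", "u", "ai", "oo", "ee"]
CODAS = list("bdfgklmnprstxz") + ["sh", "th"]
WORDS = [o + v + c for o in ONSETS for v in VOWELS for c in CODAS]
BITS_PER_WORD = len(WORDS).bit_length() - 1  # 2048 words -> 11 bits
INDEX = {w: i for i, w in enumerate(WORDS)}


def bits_to_words(bits):
    """Map each 11-bit segment of a '0'/'1' string to one word."""
    if not bits or len(bits) % BITS_PER_WORD or set(bits) - {"0", "1"}:
        raise ValueError("need a non-empty multiple of 11 binary digits")
    return [WORDS[int(bits[i:i + BITS_PER_WORD], 2)]
            for i in range(0, len(bits), BITS_PER_WORD)]


def words_to_bits(words):
    """Inverse mapping: shows the phrase carries exactly the original bits."""
    return "".join(format(INDEX[w], f"0{BITS_PER_WORD}b") for w in words)


def passphrase(min_bits):
    """Draw at least min_bits from the OS CSPRNG and return (bits, words)."""
    n_words = -(-min_bits // BITS_PER_WORD)  # ceiling division
    n_bits = n_words * BITS_PER_WORD
    bits = format(secrets.randbits(n_bits), f"0{n_bits}b")
    return bits, bits_to_words(bits)


if __name__ == "__main__":
    for target in (44, 60):
        bits, words = passphrase(target)
        print(f"{target}-bit target: {len(bits)} bits -> {' '.join(words)}")
```

With an 11-bit word list, a 44-bit string is exactly four words, while a 60-bit target rounds up to six words (66 bits). The strength comes from the random draw, not from the words themselves, which is why a phrase chosen by hand does not carry the same number of bits.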
If you don’t feel like getting overly technical with 60-bit code strings, it’s possible that you can use lines from existing poems to create a password. The creators of the passpoem, however, don’t suggest that you do so. There are millions of poems on the Internet, and the chances of this type of password getting hacked are much higher than if the string of characters were truly random. Still, using a line from your favorite poem is likely much more secure than a simple password like “MOM385” or “password,” so the idea shouldn’t be dismissed completely. You still need to be aware of the issues that come with this password strategy; for example, the risk of dictionary-type attacks could become a problem, even with a long password. It’s up to you to know the complications and risks that come with your preferred password management policy.
One of the biggest pain points about password management is that you need a different password for each of your accounts. When you have multiple complex passwords, it can be difficult to remember them all. This is what makes a password management system so effective. SemTech IT Solutions can help your business get set up with the best password manager on the market. To learn more, give us a call at 407-830-1434.