The average person, according to a 2014 study performed in the UK, has about 19 passwords to remember. Mostly, they're bad. But John Clements, a professor at California Polytechnic State University, has a new idea for how to create passwords that are more secure than "123456" and still easy to remember. His secret: Charles Dickens.
As Jacob Aron reports for New Scientist, Clements has created a way to use one of Dickens’ most famous works to generate strong and memorable passwords:
[Clements] used a tool from probability theory called a Markov model. The model looked at pairs of characters – letters and punctuation, not fictional people – in the book A Tale of Two Cities, and saw how often other characters appeared after them. Taking "ca" as an example, "car" is more likely than "caf".
To build passwords, the model takes two characters and generates a third. The second and third characters are then put back into the model to give a fourth, and so on until you have a password that is long enough to be secure.
If fictional French Revolution-related exploits aren’t your style, the scheme could feasibly work with any large body of text. As long as you put the Markov model to work as Clements describes in his paper, you’ll come up with phrases that sound vaguely like English. That makes them easier to remember than a password made of total gibberish. But, these generated sentences include completely invented words that a password cracker would find nearly impossible to guess.
A Markov Model/Charles Dickens-generated password might be "The greed hispefters and" or "They, anythis, int founged mad." Sure, they're more complicated than the second-most favorite password of last year—“password.” But they’re far more secure and more memorable than a random group of numbers and symbols.
If you want to use Dickens for your password-generating needs, Clements has you covered.* He's designed an online tool that puts his model to work on A Tale of Two Cities for your password pleasures. And, as New Scientist's Aron points out, the programmer has “plans to explore using a person’s email history [to] generate passwords,” so perhaps it won’t be long before your own words can get the Dickens’ treatment and are reworked into memorable gobbledygook to keep your online identity safest.
*This paragraph originally reported that there was no online tool available to create such passwords, but, in fact, there is.