Human Computable Passwords

The problem

Password reuse is one of the most common security vulnerabilities for individuals and organizations. Common approaches to mitigate password reuse include using a password wallet, writing passwords or hints down, or a simple scheme to translate contextualized information (i.e. a site’s name) into a unique password. Most often, users employ a small set of passwords with a generic password used for less important sites (news, forums) and more complex and unique passwords for more sensitive sites (banking, work). If you check you will probably find that at lease some of these passwords have been compromised.

An initial, easy, lame but so much better solution

What to do? First, if you don’t use two factor authentication, stop reading this and do that now. It is much more important to get that working than it is to establish a strong password.

The most common alternative to password reuse is listing all your passwords somewhere. This is better than reuse, but it has problems. Better than a piece of paper is an encrypted password manager. Not only do they put all one’s eggs in one basket, but I’m often not near my computer. The more accessible the manager, the less secure. To fix this, for years I employed a simple scheme that used a traditional password with some characters appended to make the password unique to the site or context that the password applies.

For example, if your common password is


you could start with adding the first letter of the website to the end of that. Amazon and Ebay would be am\{aaa01f1184b23bc5204459599a780c2efd1a71f819cd2b338cab4b7a2f8e97d4}27Ui\#a and am{aaa01f1184b23bc5204459599a780c2efd1a71f819cd2b338cab4b7a2f8e97d4}27Ui#e respectively. Of course someone could figure this out quickly, but they probably wouldn’t because passwords are crazy cheap and hackers probably are using an automated system to check password reuse. (Yes, you probably aren’t even worth the dedicated time of a hacker.)

Now, time for some harder, but much better solutions

You can have a lot of fun making obscuration more complicated. For example, say you memorized
a mapping of vowels to numbers, say:

letter number
a 3
e 2
i 3
o 1
u 7

Then you could put the obscured url at the beginning of the filename. This means amazon would become 3m31nam{aaa01f1184b23bc5204459599a780c2efd1a71f819cd2b338cab4b7a2f8e97d4}27Ui# or the first and last letter at the beginning and end 3am{aaa01f1184b23bc5204459599a780c2efd1a71f819cd2b338cab4b7a2f8e97d4}27Ui#n. Again, maybe this would throw off nearly everyone for a couple minutes, which is probably enough, but cryptographers would laugh this off as a kindergarden-level cipher. For that matter ama_am{aaa01f1184b23bc5204459599a780c2efd1a71f819cd2b338cab4b7a2f8e97d4}27Ui#_zon would probably suffice. The more complicated you make it, the more secure your password reuse is.

A better option would be to start to do more computation. Warning, this can get complicated, but you can start to have real security properties. One idea I had was to use a angram, or holoalphabetic sentence — a sentence that contains every letter of the alphabet at least once. You know, “The quick brown fox jumps over the lazy dog” my favorite is the very short: “Cwm fjord bank glyphs vext quiz” (yes, Cwm is a word). See others below.1

With a angram, you can start to do much better obscuration. Say you have our vowel mapping and “Cwm fjord bank glyphs vext quiz”, from this you could could letters in and turn numbers back into letters and turn the obscured password above (3m31n) into “mmmcn” which would be much harder to figure out. Since Angrams map to each letter, you can use their sequence. Picking the same phrase (which you could definitely have on a sticky on your monitor) you just count two letters to the right or one to the right for the first one, two to the right for the second one. That is pretty cool! This means amazon would become:


. This meets two nice criteria: easy to compute and difficult to figure out without your pass phrase. This could also work with a poem on your desk, etc. Or just one random sequence of letters you have in your wallet. No one would know how you use those letters. This is what I recommend for most users.

Ok, enough of my thoughts? I’m no cryptographer, but it is hard to find a better example of an expert than Prof Blum. If you are ready to get serious about human computable passwords and actually compute a cryptographically secure password, Manuel Blum is a Turing Award winner who has put a lot of thought (meaning the academic life of several grad students) into this. If you want, watch him explain it.

There are over 100 papers on this that go into a lot more detail with secure schemes.

What I do

I’m all in now use Manuel’s method. I memorized a mapping of each letter of the alphabet to a number (a -> 7, b -> 3, c -> 7, etc) and then use his scheme to take the mod 10 or last number of the sum of each two successive letters with the first letter resulting from the mod 10 of the sum of the first and last. Then I map these numbers through a unique mapping of numbers from 0 to 9 (4-> 6, 1 -> 3, 7 -> 2, etc). Two do this you have to memorize the mapping of 26 letters to numbers (which is really 9 groups) and 10 digits that map from 0-9 to random numbers. It takes some time to memorize, but you keep it because you refer to the numbers each time you type a password. And you only have to memorize one thing which is a huge selling point for me.

So the site name would go through the following steps:

  • abc becomes 737
  • the first number of the intermediate password would be 7+7 = 14
  • taking the last digit, I would get 4
  • then 4 + 3 = 7 and 7 + 7 gives 14 -> 4, which means my intermediate password is 474
  • my final password would be 626

Then I would append some random string to provide entropy, or 626am{aaa01f1184b23bc5204459599a780c2efd1a71f819cd2b338cab4b7a2f8e97d4}27Ui#.

I’ve found it easyish to compute the password, but memorizing 26 mappings of number to letters was not easy. To do that I wrote the following code to quiz me:

I’m finding this much much more difficult than Manuel Blum made it sound, but I think there are real ways to do this for the masses. Your thoughts are welcome below.

  1. Love angrams? I have more:
    * Sphinx of black quartz, judge my vow
    * Jackdaws love my big sphinx of quartz
    * Pack my box with five dozen liquor jugs
    * The quick onyx goblin jumps over the lazy dwarf
    * How razorback-jumping frogs can level six piqued gymnasts!”
    * Cozy lummox gives smart squid who asks for job pen” 





2 responses to “Human Computable Passwords”

  1. Mooch Avatar

    Coming up with creative ways to obscure password phrases has not been my major problem. And thus, adding, Amazon, or FB, (or the network I’m logging into) into each phrase is also fairly routine. My problem is changing the password the next time. How do you increment? How do you remember the date of the increment and thus stay in sync? Two-factor authentication clearly helps here because you can keep your passwords a lot simpler. What works even better is logging on with a card that contains your certificates… How secure is this method? It seems to me the convenience of the card is a far superior method, provided you don’t forget your card… Also, I’ve noticed, that some some service providers allow you to change your password in a very easy manner. How secure is changing your password every single time? In my mind this feels a lot like two factor authentication…and on some sites, it literally is point and click, type a new password, and hit return…thoughts?

    1. tim Avatar

      ah! that is the brilliance of Manuel blum’s method — you just increment . . .

      amazon -> 584982_&7yjaYm
      amazon1 -> 274902_&
      amazon2 -> 578390_&*7yjaYm

      due to his use of mod and sequencing, there is still high entropy!

Leave a Reply

Your email address will not be published. Required fields are marked *