Phonetically Memorable Password Generation Algorithms

Question

Background

While at the Gym the other day, I was working with my combination lock, and realized something that would be useful to me as a programmer. To wit, my combin

Answer 1

You could use Markov Chains to generate words that sounds like English(or any other language you want) but they are not actual words.

The question of easy to remember is really subjective, so I don't think you can write an algorithm like this that will be good for everyone.

And why use short passwords on web sites/computer applications instead of pass phrases? They are easy to remember but hard to crack.

Answer 2

FWIW I quite like jumbling word syllables for an easy but essentially random password. Take "Bongo" for example as a random word. Swap the syllables you get "Gobong". Swap the o's for zeros on top (or some other common substitution) and you've got an essentially random character sequence with some trail that helps you remember it.

Now how you pick out syllables programmatically - that's a whole other question!

Answer 3

I would really love to see someone implement passwords with control characters like "<Ctrl>+N" or even combo characters like "A+C" at the same time. Converting this to some binary equivalent would, IMHO, make password requirements much easier to remember, faster to type, and harder to crack (MANY more combinations to check).

Answer 4

Here's part 2 of your idea prototyped in a shell script. It takes 4, 5 and 6 letter words (roughly 50,000) from the Unix dictionary file on your computer, and concatenate those words on the first character.

#! /bin/bash

RANDOM=$$
WORDSFILE=./simple-words
DICTFILE=/usr/share/dict/words
grep -ve '[^a-z]' ${DICTFILE} | grep -Ee '^.{4,6}$' > ${WORDSFILE}
N_WORDS=$(wc -l < ${WORDSFILE})
for i in $(seq 1 20); do
    password=""
    while [ ! "${#password}" -ge 8 ] || grep -qe"^${password}$" ${DICTFILE}; do
        while [ -z "${password}" ]; do
            password="$(sed -ne "$(( (150 * $RANDOM) % $N_WORDS + 1))p" ${WORDSFILE})"
            builtfrom="${password}"
        done
        word="$(sort -R ${WORDSFILE} | grep -m 1 -e "^..*${password:0:1}")"
        builtfrom="${word} ${builtfrom}"
        password="${word%${password:0:1}*}${password}"
    done
    echo "${password} (${builtfrom})"
done

Like most password generators, I cheat by outputting them in sets of twenties. This is often defended in terms of "security" (someone looking over your shoulder), but really its just a hack to let the user just pick the friendliest password.

I found the 4-to-6 letter words from the dictionary file still containing obscure words.

A better source for words would be a written document. I copied all the words on this page and pasted them into a text document, and then ran the following set of commands to get the actual english words.

perl -pe 's/[^a-z]+/\n/gi' ./624425.txt | tr A-Z a-z | sort -u > ./words
ispell -l ./words | grep -Fvf - ./words > ./simple-words

Then I used these 500 or so very simple words from this page to generate the following passwords with the shell script -- the script parenthetically shows the words that make up a password.

backgroundied (background died)
soundecrazy (sounding decided crazy)
aboupper (about upper)
commusers (community users)
reprogrammer (replacing programmer)
alliterafter (alliteration after)
actualetter (actual letter)
statisticrhythm (statistical crazy rhythm)
othereplacing (other replacing)
enjumbling (enjoying jumbling)
feedbacombination (feedback combination)
rinstead (right instead)
unbelievabut (unbelievably but)
createdogso (created dogs so)
apphours (applications phrase hours)
chainsoftwas (chains software was)
compupper (computer upper)
withomepage (without homepage)
welcomputer (welcome computer)
choosome (choose some)

Some of the results in there are winners.

The prototype shows it can probably be done, but the intelligence you require about alliteration or syllable information requires a better data source than just words. You'd need pronunciation information. Also, I've shown you probably want a database of good simple words to choose from, and not all words, to better satisfy your memorable-password requirement.

Generating a single password the first time and every time -- something you need for the Web -- will take both a better data source and more sophistication. Using a better programming language than Bash with text files and using a database could get this to work instantaneously. Using a database system you could use the SOUNDEX algorithm, or some such.

Neat idea. Good luck.

Answer 5

I have a few times used a following algorithm:

1. Put all lowercase vowels (from a-z) into an array Vowels
2. Put all lowercase consonants (from a-z) into another array Consonants
3. Create a third array Pairs of two letters in such a way, that you create all possible pairs of letters between Vowels and Consonants ("ab", "ba", "ac", etc...)
4. Randomly pick 3-5 elements from Pairs and concatenate them together as string Password
5. Randomly pick true or false
   1. If true, remove the last letter from Password
   2. If false, don't do anything
6. Substitute 2-4 randomly chosen characters in Password with its uppercase equivalent
7. Substitute 2-4 randomly chosen characters in Password with a randomly chosen integer 0-9

Voilá - now you should have a password of length between 5 and 10 characters, with upper and lower case alphanumeric characters. Having vowels and consonants take turns frequently make them semi-pronounceable and thus easier to remember.

Answer 6

I prefer giving users a "hard" password, requiring them to change it on the first use, and giving them guidance on how to construct a good, long pass phrase. I would also couple this with reasonable password complexity requirements (8+ characters, upper/lower case mix, and punctuation or digits). My rationale for this is that people are much more likely to remember something that they choose themselves and less likely to write it down somewhere if they can remember it.