Preshing on Programming

xkcd Password Generator

The button below will generate a random phrase consisting of four common words. According to yesterday’s xkcd strip, such phrases are hard to guess (even by brute force), but easy to remember, making them interesting password choices.

correct horse battery staple

It’s a novel idea, but xkcd stops short of actually recommending such passwords, and so will I. Use at your own peril! I’m not responsible for anything that happens as a result of your password choice. (But if you’re just signing up for a kitten video forum, you’re probably safe.)

In case you missed the strip, here it is:

Other generators have popped up online, but unlike most of those, this generator only uses common English words. That’s important, because the more unusual words are used, the harder the password will be to remember. For example, “decimalisation contrapuntal assizes diabolism” is not particularly easy to remember, I’d say.

The xkcd strip suggests 11 “bits of entropy” per word, which can be achieved using a list of 211 = 2048 words. I scraped a list of 1949 words (close enough) from this site, which is based on the most frequent occurrences in newspapers. This list doesn’t include “battery” or “staple”, so perhaps a better list is still possible. In any case, you can view the JavaScript source code here.

It’s hard to be convinced about every detail in the strip, but it really had me thinking. The last panel claims that the reader has already memorized “correct horse battery staple”. Sure, a lot of readers will probably have that phrase memorized for a while. But the strip itself is interesting, takes a lot of concentration to understand, and incorporates a visual aid. I think we’re more likely to remember “correct horse battery staple” for those reasons. Will it be just as easy to remember other four-word combinations?

What do you think? Is it easy to remember the other passwords generated here? Do you see some way to improve the algorithm? Is there any merit to this password selection strategy?

As far as password management goes, I’ve personally found KeePass to be an excellent solution. And for an amusing look at how most people actually do choose passwords, check out Your Top 20 Most Common Passwords and The science of password selection.