Jun 18, 2007

Passwords for Chemists

Posted in Chemspy at 2:00 pm by chemspy -- 3 Comments; add your comment

We’re all chemists here, right? So, we can talk? Have you been worrying about passwords for a while? Me too. It is a big deal protecting all your blogs, logins, and slogging away at chemistry, without adding the pain of passwords. There are tools, of course, for storing them, and tools for generating quasi-random passwords too, but none of those make the process very simple it seems.So, here is a neat password idea just for us chemists.

Think of a compound, any compound, but preferably one with which you are familiar. It may be a compound from your thesis or perhaps the medication you needed to get through the viva. Now, work out or look up its formula. Next, think of a simple algorithm to obfuscate the formula (reverse it and chop off each end perhaps, or if it is a long formula extract all the numbers and put them at one end instead of after each element symbol, you get the idea). Of course, if you pick a compound that happens to share the first couple of letters with the name of the site to which you are logging in, then that should make it easier to remember too.

If you suffer from hayfever you might be using flixonase, when you login to flickr, for example. Formula: C25H31F3O5S, password could be CHFOS253135 or 5O3F13H52. No bruteforce hack attack is going to figure those out in a hurry. Specialists in secondary messenger chemistry with a MySpace account could choose myo-inositol (C6H12O6 –> CHO6126), while nutritional chemists could hide their Facebook behind Factor II (vitamin B12) C₆₃H₈₉CoN₁₄O₁₄P –> CHCONOP63891414. Of course, you will have to think of your own examples, but with CAS reporting almost 40 million structures, 14,700,000 compounds in ChemSpider, and whatever you have on your own bench, that should not be too hard to do.

Of course, being a chemist you also know about InChi and Smiles string, which could provide you with an even more sophisticated password. The InChi string for aspirin, for instance, is <span class=”chem:inchi”>InChI=1/C9H8O4/c1-6(10)13-8-5-3-2-4-7(8)9(11)12/h2-5H,1H3,(H,11,12)/f/h11H</span>. You could make your algorithm to remove all the zeros and reverse the string. The Smiles string is not quite so long O=C(Oc1ccccc1C(=O)O)C, but what about choosing that and adding the same string reversed to the end of the original?

It could all get very convoluted and seemingly random very quickly. But, then is that not the aim of a good password. According to the password strength tester, the untouched Smiles string for aspirin is “best”, but apply an algo and will be bester.

Newsfeed