Nerdy passwords, secure and memorable

WARNING: Do not simply use the formula of a common chemical without obfuscating it in some way. It could be dictionary cracked very easily if you do. A serious recommendation is to use a strong password generator rather than this technique and to store passwords in a digital safe itself locked with a strong password.

Coming up with a secure password that resists brute-force and dictionary attacks but is still easy to remember is tricky. So, here’s the nerdiest approach yet.

Think of a compound, any compound, but preferably one with which you are familiar. If you’re in science, then you could pick a compound associated with your research thesis or perhaps the medication you needed to get through the viva.

Now, work out, or look up, its chemical formula. BUT DO NOT STOP THERE… Next, think of a simple algorithm to obfuscate the formula (reverse it and chop off each end, perhaps, or, if it is a long formula, extract all the numbers and put them at one end instead of after each element symbol; you get the idea). Of course, if you pick a compound that happens to share the first couple of letters with the name of the site to which you are logging in, then that should make it easier to remember too.

If you suffer from hay fever you might be using flixonase when you log in to flickr, for example. Formula: C25H31F3O5S, password could be CHFOS253135 or 5O3F13H52. No brute-force hack attack is going to figure those out in a hurry. Specialists in secondary messenger chemistry with a MySpace account could choose myo-inositol (C6H12O6 –> CHO6126), while nutritional chemists could hide their Facebook behind Factor II (vitamin B12) C63H89CoN14O14P –> CHCONOP63891414.

Of course, you will have to think of your own examples, but with CAS and ChemSpider registering tens of millions of structures, that should not be too hard to do.
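The two transformations used in the examples above, as an added Python example (not code from the original post), together with an estimate of why the warning at the top matters: if the scheme itself is known, the search space is the number of formulas times the number of transformations. The figures of 50 million formulas and 16 transformations are assumptions chosen for illustration.

```python
import math
import re

def split_formula(formula):
    """Split 'C25H31F3O5S' into (element symbol, count string) pairs."""
    return re.findall(r"([A-Z][a-z]?)(\d*)", formula)

def numbers_to_end(formula):
    """Element symbols first (upper-cased), then every count in original order."""
    pairs = split_formula(formula)
    symbols = "".join(sym for sym, _ in pairs).upper()
    counts = "".join(num for _, num in pairs)
    return symbols + counts

def reverse_and_chop(formula):
    """Reverse the formula, then drop the first and last characters."""
    return formula[::-1][1:-1]

def scheme_known_bits(n_formulas, n_transforms):
    """Guessing entropy when the method is known: log2(formulas x transforms).
    Isomers share a formula, so counting structures gives an upper bound."""
    return math.log2(n_formulas * n_transforms)

def random_bits(length, alphabet=62):
    """Entropy of a uniformly random password over a-z, A-Z, 0-9."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    flixonase = "C25H31F3O5S"  # formula quoted in the post
    pw = numbers_to_end(flixonase)
    print(pw, reverse_and_chop(flixonase))
    # Assumed figures: 50 million formulas, 16 plausible transformations.
    print(f"scheme known : {scheme_known_bits(50_000_000, 16):.1f} bits")
    print(f"random, same length ({len(pw)} chars): {random_bits(len(pw)):.1f} bits")
```

The obfuscated formula looks random, but its strength comes from the secrecy of the compound and the algorithm rather than from its length, which is why the post recommends a generator and a password safe for anything important.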

Of course, being a chemist you also know about InChI and SMILES strings, which could provide you with an even more sophisticated password. The InChI string for aspirin, for instance, is InChI=1/C9H8O4/c1-6(10)13-8-5-3-2-4-7(8)9(11)12/h2-5H,1H3,(H,11,12)/f/h11H. You could have your obfuscating algorithm remove all the zeros and reverse the string. The SMILES string is not quite so long, O=C(Oc1ccccc1C(=O)O)C, but what about choosing that and adding the same string reversed to the end of the original?

It could all get very convoluted and seemingly random very quickly. But isn’t that the aim of a good password? According to the password strength tester, the untouched SMILES string for aspirin is “best”, but apply an algorithm and it will be even better.

The neat part is that you pick a compound you will remember, you can look up its formula any time, and you know the obfuscating algorithm. You thus have a memorable password that is essentially a pseudo-random alphanumeric.

Originally posted Jun 18, 2007 @14:00

Author: David Bradley

Freelance science journalist, author of Deceived Wisdom. Sharp-shooting photographer and wannabe rock god.

3 thoughts on “Nerdy passwords, secure and memorable”

  1. Yes, I do like to throw those idiosyncrasies into my blogging every now and again…

    …it’s allowed isn’t it?

    By the way does more of what eMolecules does and with more molecules, I believe

  2. will be better when people are using its structure drawing tools to generate their password for each login.

    BTW I learned the first time the ‘superlative degree’ of good – bestER!

  3. I wish I were a chemist so that I could use this trick. Just genius!

    So for the rest of us sorry folk out there, a password manager might be just the cure for those password pains. :)

    Tara Kelly
    PassPack Founding Partner
