The Π of passwords

Posted by Pete, Mar. 21, 2014, in Passwords & Security

Last Friday was Pi Day (3/14). Our niece was part of a school contest to see who could remember Pi out to the most digits. (We’re guessing that this is not an exciting spectator sport.)

Even though she remembered it out to the 111th digit(!), she didn’t win. Not by a long shot. The winner had it memorized out to past the 300th digit. Maybe they should make a movie about him.

Most of the time, trying to remember passwords is like trying to memorize Pi out to the 20th digit (3.14159265358979323846 – from piday.org). It takes a lot of effort, and if you don’t keep practicing and repeating it, you’re going to forget it really soon. And, in the back of your mind, you’re thinking ‘why am I even doing this?’

It would be a whole lot easier if Pi was something like 3.14141414141414141414 repeating forever… but then it wouldn’t be magic, a circle wouldn’t be a circle, and there wouldn’t be any contests to remember lots of digits.

The same thing applies to passwords. Lots of times we choose easy passwords because we don’t see the purpose or importance of them and we don’t want to spend any effort in remembering something hard. Because of this, the tendency is to pick passwords that are easy to remember.

Just like with memorizing Pi, we have to practice using our passwords (as we do when we regularly visit a site, like checking our email on Gmail) or else we forget them really quickly.

Too many sites force us to create a password for a one-time visit or to protect information that really doesn’t seem important enough to protect. And so, instead of choosing something like 8Ls0fd-h)3@u4h as our password, we choose qwerty1.

And that’s where a password loses its magic, and security stops being security.

If you ask us, Π = 3.14. We plan on testing our niece this weekend to see just how many digits she remembers a week after the contest.