When I was trying to decide on a password for my WordPress account, I noticed the helpful “password meter” which gauges the strength of your password of choice, both with a little colored bar that fills up incrementally, and an assessment of your current password’s merits. My default password received a “Bad”.
Really? Sure, it’s only six characters, but nobody’s ever guessed it (Yes, my name is six letters, but I’ll bet you that’s usually pretty close to the top of the list). The phishers on myspace have yet to successfully convert me into an automated Webcam advertisement or Macy’s gift card dispenser.
But apparently my proposed password is as hard to guess as “12345”, which also earns a “Bad”.

So I decided, lead by WordPress Password Consultancy, to choose a password more suitable to their liking.

Let’s go back to the number example. What if my password was one thing over and over again, the theory being the same as rock/paper/scissors.
Let’s say we play a game in which I only have to beat you ONCE in order to win. Say I throw paper three times in a row. Then again. And again. Eventually you are going to keep throwing scissors, right? (or rather, you have every time so far, right? Because I only need one to beat you. Let’s say two, to give you a sporting chance) The probability hasn’t changed at all. In theory, each throw should be 50/50. But I keep throwing paper, and with each throw, a nagging voice grows in the back of your head: THIS will be the time he throws rock.

Back to passwords. What if I make my password nothing but a’s? How long before WordPress considers my opponent psyched out?

At 10 a’s, it’s still “Bad.”
same at 14.
15 a’s and it’s upgraded to “Good”.
at 16, back to “Bad” again.
at 17, “Good.”
34 a’s earns you a “Strong,” the highest rating for a password.

For comparison, is it the same if you use numbers?
The breakdown:
0-3: Too Short.
4-10: Bad
11-26: Good
27: Strong.
28: Good.
29 and up: Strong.

By this point, you should be starting to get some sense of how seriously I take procrastination.

So. Other passwords and the rating they received.

0 (too short)
Sascha (bad)
PopularMichaelJacksonAlbum (strong)

…okay. This gives me a new goal. I want to enter my password in the form of a simple puzzle and have the Password Strength Meter answer it correctly. Nothing complicated. This is the WordPress Password Consultant, not Deep Blue. For instance, for “PopularMichaelJacksonAlbum,” I was looking for “Bad”, obviously. Although I would also have accepted “Thriller.”

I decided the password had to be a song or movie title. Here are some passwords I tried, all with a _ where the missing word should be (e.g. “_boys”). I’ve replaced the _ below with the consultant’s response in parentheses.

(good)boys
the(strong)shepherd
(good)tothebone
doctorfeel(strong)
colorme(good)
super(good)
(good)lands
the(bad)the(good)andthe(strong) (wow, 0 for 3)
small deviation:
(bad)bad
strong(good)

I wasn’t having much luck. I’m sure the two of you reading this (Colin and myself) can think of plenty of word_ combinations that would give the desired result. But I was having a hell of a time.

Anyway, I found one. I’m not going to tell you what it is. Instead, I’m going to give you a hint, and you figure it out. First one to does gets to hack into my account and throw up a new Iceland Spar post under my name about anything he/she wants, informing us all that our hi-tech security system has been breached.
Then I’ll probably change my password.

The password is the title of the song with an underscore replacing “bad,” “good,” or “strong”. Example above.

So, the hint. And don’t google it, obviously. That’s lame.

Contemporary band. The song in question contains the lyric, “I’ve seen her naked twice! I’ve seen her naked…TWICE!!”

Happy Hacking.
Sascha (bad)

Advertisements