
Do XKCD Passwords Work?

You'll always see comments on web forums, social sites, blog posts, and emails about "XKCD passwords". This is, of course, a reference to the XKCD comic by Randall Munroe describing what he thinks is the best password generator:

What no one has bothered asking is whether this actually works.

Lorrie Faith Cranor, director of the Carnegie Mellon Usable Privacy and Security Laboratory, a member of the Electronic Frontier Foundation Board of Directors, and Professor in the School of Computer Science and the Engineering and Public Policy Department at Carnegie Mellon University, did ask this question. In fact, she studied it to the point of giving a TED talk on the subject. The transcript of her talk can be found here. Here are the relevant bits (emphasis mine):

Now another approach to better passwords, perhaps, is to use pass phrases instead of passwords. So this was an xkcd cartoon from a couple of years ago, and the cartoonist suggests that we should all use pass phrases, and if you look at the second row of this cartoon, you can see the cartoonist is suggesting that the pass phrase "correct horse battery staple" would be a very strong pass phrase and something really easy to remember. He says, in fact, you've already remembered it. And so we decided to do a research study to find out whether this was true or not. In fact, everybody who I talk to, who I mention I'm doing password research, they point out this cartoon. "Oh, have you seen it? That xkcd. Correct horse battery staple." So we did the research study to see what would actually happen.

So in our study, we used Mechanical Turk again, and we had the computer pick the random words in the pass phrase. Now the reason we did this is that humans are not very good at picking random words. If we asked a human to do it, they would pick things that were not very random. So we tried a few different conditions. In one condition, the computer picked from a dictionary of the very common words in the English language, and so you'd get pass phrases like "try there three come." And we looked at that, and we said, "Well, that doesn't really seem very memorable." So then we tried picking words that came from specific parts of speech, so how about noun-verb-adjective-noun. That comes up with something that's sort of sentence-like. So you can get a pass phrase like "plan builds sure power" or "end determines red drug." And these seemed a little bit more memorable, and maybe people would like those a little bit better. We wanted to compare them with passwords, and so we had the computer pick random passwords, and these were nice and short, but as you can see, they don't really look very memorable. And then we decided to try something called a pronounceable password. So here the computer picks random syllables and puts them together so you have something sort of pronounceable, like "tufritvi" and "vadasabi." That one kind of rolls off your tongue. So these were random passwords that were generated by our computer.

So what we found in this study was that, surprisingly, pass phrases were not actually all that good. People were not really better at remembering the pass phrases than these random passwords, and because the pass phrases are longer, they took longer to type and people made more errors while typing them in. So it's not really a clear win for pass phrases. Sorry, all of you xkcd fans. On the other hand, we did find that pronounceable passwords worked surprisingly well, and so we actually are doing some more research to see if we can make that approach work even better. So one of the problems with some of the studies that we've done is that because they're all done using Mechanical Turk, these are not people's real passwords. They're the passwords that they created or the computer created for them for our study. And we wanted to know whether people would actually behave the same way with their real passwords.

So, in her research, XKCD passwords really didn't work out that well. They are longer, so they take longer to type, which increases the chance of a typing error, and people are no better at remembering an XKCD passphrase than a short string of random characters.

To me, this is unsurprising. If you look at the history of my blogging on passwords, you'll find that I continually advocate building passwords from truly random events, maximizing entropy. In my last post, I even blogged two shell functions that you can use to build XKCD passwords and "monkey passwords" (monkeys generating passwords by banging away at a keyboard). Both target 80 bits of entropy. Check out the lengths:

$ gen-monkey-pass 9
cxqwtw63taxdr3zn	uaq4tbt43japmm2q	mptwrxhhb486yfuv
-cb73b9-kgzhmww3	s45t3x6r9smw-7yr	hjkgzkha-qup4gh4
34c5rg4ksw-aprvk	uug-2vq7pfze6dnp	s4qx4eazbnrd2pqe

$ gen-xkcd-pass 9
sorestdanklyAlbanyluckyRamonaFowler   (sorest dankly Albany lucky Ramona Fowler)
towsscareslaudedrobinawardsrenal      (tows scares lauded robin awards renal)
thinkhazelsvealjuggedagingscareen     (think hazels veal jugged agings careen)
tarotpapawsNolanpacketAvonwiped       (tarot papaws Nolan packet Avon wiped)
surgesakimbohardercruelArjunablinds   (surges akimbo harder cruel Arjuna blinds)
amountlopsedgemeaslyCannoninseam      (amount lops edge measly Cannon inseam)
EssexIzmirwizesPattygroutszodiac      (Essex Izmir wizes Patty grouts zodiac)
hoursmailedslamsvowedallowspar        (hours mailed slams vowed allow spar)
AfghanNigelnutriadillmoldertrolly     (Afghan Nigel nutria dill molder trolly)

XKCD passwords average 32 characters to achieve 80 bits of entropy, compared to the 16 characters that "monkey passwords" need for the same strength. And, according to Lorrie's research, people won't necessarily recall XKCD passwords any more easily than random character strings. So, if that's the case, then what's the point? Why bother? Why not just create "monkey passwords" and use a password manager?
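As an added worked example (not the post's own gen-monkey-pass and gen-xkcd-pass shell functions, and not code from Cranor's study), the following Python script sizes a password to an 80-bit target for each kind of generator discussed on this page: random characters from the post's 37-symbol set, hex digits, a pronounceable generator built from random syllables like the one in the talk quoted above, and words from a list. The syllable table and the 32-word list are constructed for the demonstration; the study's syllable scheme and the post's real word list are not on the page. Picks come from Python's secrets module, i.e. the OS CSPRNG, so the user has no influence on the result.

```python
import math
import secrets
import string

# Symbol sets. MONKEY_ALPHABET matches the post's "monkey passwords" (lowercase
# alphanumerics plus dash, 37 symbols). The others are constructed for this
# example: a hex alphabet, a small consonant-vowel syllable table standing in
# for a pronounceable generator (Cranor's real syllable table is not on the
# page), and a 32-word list standing in for a real XKCD-style dictionary.
MONKEY_ALPHABET = string.ascii_lowercase + string.digits + "-"
HEX_ALPHABET = "0123456789abcdef"
SYLLABLES = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]  # 70 two-letter syllables
SAMPLE_WORDS = (
    "amount akimbo albany allow avon award blinds careen cannon cruel dill "
    "edge essex fowler grouts harder hazels hours inseam izmir jugged lauded "
    "lops mailed measly molder nolan nutria packet papaws patty robin"
).split()


def bits_per_symbol(set_size):
    """Entropy contributed by one uniform pick from a set of set_size symbols."""
    if set_size < 2:
        raise ValueError("need at least two symbols to choose from")
    return math.log2(set_size)


def symbols_needed(set_size, target_bits=80):
    """Smallest n such that n uniform picks from set_size symbols give target_bits."""
    return math.ceil(target_bits / bits_per_symbol(set_size))


def entropy_bits(set_size, count):
    """Entropy of count independent uniform picks. This is a property of the
    generator; it cannot be read off a single output string."""
    return count * bits_per_symbol(set_size)


def min_wordlist_size(word_count, target_bits=80):
    """Smallest word list from which word_count picks reach target_bits."""
    return math.ceil(2 ** (target_bits / word_count))


def generate(symbols, target_bits=80, sep=""):
    """Pick symbols with the OS CSPRNG until target_bits is reached.
    Deduplicating first matters: a repeated entry would be picked twice as
    often and the entropy figure would overstate the real strength."""
    pool = sorted(set(symbols))
    n = symbols_needed(len(pool), target_bits)
    return sep.join(secrets.choice(pool) for _ in range(n))


def gen_monkey_pass(target_bits=80):
    return generate(MONKEY_ALPHABET, target_bits)


def gen_xkcd_pass(wordlist, target_bits=80):
    return generate(wordlist, target_bits, sep=" ")


def gen_pronounceable_pass(target_bits=80):
    return generate(SYLLABLES, target_bits)


def typed_length(symbols, target_bits=80, sep=""):
    """Expected characters the user types for a target_bits password built
    from symbols: picks times mean symbol length, plus separators."""
    pool = sorted(set(symbols))
    n = symbols_needed(len(pool), target_bits)
    mean_len = sum(len(s) for s in pool) / len(pool)
    return n * mean_len + (n - 1) * len(sep)


if __name__ == "__main__":
    for name, symbols, sep in [
        ("monkey", MONKEY_ALPHABET, ""),
        ("hex", HEX_ALPHABET, ""),
        ("pronounceable", SYLLABLES, ""),
        ("xkcd (toy list)", SAMPLE_WORDS, " "),
    ]:
        size = len(set(symbols))
        n = symbols_needed(size)
        print(f"{name:16s} {n:3d} picks, ~{typed_length(symbols, sep=sep):.0f} chars, "
              f"{entropy_bits(size, n):.1f} bits")
    print("monkey:", gen_monkey_pass())
    print("pronounceable:", gen_pronounceable_pass())
    print("xkcd:", gen_xkcd_pass(SAMPLE_WORDS))
    print("list size for 6 words at 80 bits:", min_wordlist_size(6))
```

The comparison the script prints is the check behind the lengths above. At about 5.2 bits per symbol the monkey set reaches 80 bits in 16 characters. Hex carries 4 bits per character, so 20 hex characters are needed, which is what `openssl rand -hex 10` prints from its 10 random bytes. Seventy two-letter syllables carry about 6.1 bits each, so a pronounceable password of that kind needs 14 syllables, 28 characters, for the same strength. Six words reach 80 bits only from a list of at least about 10,300 words, which is why the word-based examples run to 32 characters; four words at 80 bits would need a list of over a million, and the comic's four words from a list of about 2,000 give about 44 bits. Since entropy is a property of the generator, the figure to audit is the number of picks times log2 of the set size, not anything estimated from the output string.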

Exactly. It's 2015. There are password managers for your browser, for every major desktop operating system, command-line utilities for servers, and even apps for your smartphone. There are plenty of "cloud" synchronization services to make sure each instance is up-to-date. At this point, your passwords should:

  • Contain at least 80 bits of entropy.
  • Be generated from a truly random source (no influence from you).
  • Be unique for each and every account.
  • Be protected with two-factor authentication, where available.
  • Be stored in an easily accessible password manager.

The ones you type in frequently you'll memorize quickly. The rest stay in the password manager for safe keeping, should you need to recall them.

10 Comments

  1. Mike | September 15, 2015 at 6:52 am | Permalink

    Realizing there are about 2k ways to generate random strings, I am going to toss one more random password generator on the heap:

    openssl rand -hex 10

  2. Aaron Toponce | September 15, 2015 at 6:54 am | Permalink

    Mike- This only gives you 40 bits of entropy. You need a 20-character hexadecimal string to reach the 80-bit entropy threshold.

  3. Miles Johnson | September 15, 2015 at 9:28 am | Permalink

    I still use the Shocking Nonsense approach advocated by PGP back in 1993:

    Using this approach, you generate high entropy pass phrases that are easy to remember. In fact, some of them are difficult to forget.

  4. RyanE | September 15, 2015 at 9:49 am | Permalink

    While I agree that random passwords with a password keeper is a much better strategy, I disagree that the XKCD-style phrase is more error prone than typing an equivalent strength monkey-bashing password...

    *for someone who is proficient at spelling and typing*.

    I can type *a couple* of the XKCD style pass phrases (assuming I can remember the words) in the time I can type a single monkey-bashed password from your lists above.

    Now, remembering long pass phrases... that gets harder as I get older. I think I'll stick with LastPass / KeePass.


  5. Martin Owens | September 15, 2015 at 11:23 am | Permalink

    The final comparison uses false equivalence to link the pronounceable passwords used in Cranor's research and the random 'monkey' passwords used here. 80 bits of pronounceable passwords are needed OR memory of monkey passwords needs to be studied and recorded for comparison.

  6. Aaron Toponce | September 15, 2015 at 11:53 am | Permalink

    Don't misunderstand me. I'm not necessarily coming to the conclusion that:

    • "monkey passwords" are easier to remember than XKCD passwords.
    • XKCD passwords are always difficult to remember.
    • My 6-word XKCD passwords necessarily fall into the same study as 4-word XKCD passwords (seems logical that the longer the passphrase, the more difficult it becomes to recall).

    However, the study does conclude that XKCD passwords aren't the big win over random characters that most advocates think they are. I am drawing the conclusion that, provided a large enough set with true randomness, you can get much shorter passwords with monkeys than you can with XKCD (16 characters vs 32 in the scenario above). In my examples, this set is unambiguous lowercase alphanumeric (with the dash), making it painless to type out.

  7. Edd | September 15, 2015 at 1:47 pm | Permalink

    > However, the study does conclude that XKCD passwords aren't the big win over random characters that most advocates think they are

    But the study is comparing random pronounceable *syllables*, not characters. It would suggest that as soon as you use random characters, there's a big hit on ability to memorise. So, as a previous commenter pointed out, that distinction is important.
    I'm guessing the entropy difference is less stark -- it would be interesting to compare them.

  8. Aaron Toponce | September 15, 2015 at 1:52 pm | Permalink

    Fair enough.

  9. demure | September 15, 2015 at 4:18 pm | Permalink

    I do use my passwd manager to make most passwords, but I do feel that the XKCD/shocking nonsense is better for the few key passwds I need to keep in my head.

  10. Jacob | October 20, 2015 at 10:49 am | Permalink

    I still have a preference for a passphrase, especially when using my onscreen phone keyboard, and am frustrated by many seemingly over the mark restrictions that look like the CMU one. I wonder if one of Cranor's studies has tested using poetry.
