Finding The Hidden InfoSec Story

Scrabbling for a Password


Photo Credit: jessejanderson via Compfight cc

My family love Scrabble. They pride themselves on coming up with obscure words that have particularly high scores and use high scoring letters such as Q and Z. The more obscure the better. And as their Scrabble experience increases, their inventory of obscure words expands.

Words such as zaitech (a financial technique), xoanon (a carved idol) or dzho (a cross between a yak and a cow) are very rarely in common use, but in a Scrabble environment they seem to spring to mind effortlessly, and can have very high scores.

And if you think about it, Scrabble is really an old school version of hacking a password file. In Scrabble you are given seven pseudo-random letters and you have to construct a word out of them, which is pretty much what a password hacker does. The harder words take longer to think of than the easy words, in the same way that it is harder to hack a more complex password.

So can we use Scrabble to make passwords more fun and memorable? Is a high scoring Scrabble word a better password than a low scoring word? Possibly, but by definition they would both be discovered in a dictionary attack, unless perhaps we also incorporate the scores themselves in the password.
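As an added illustration (not code from the original post), here is a password-policy check that flags a password built from a word-list entry with or without its Scrabble score attached. Because the score is computed from the word itself, adding it only multiplies the candidate space by the number of placement conventions. The sample word list and the three conventions (word, word+score, score+word) are assumptions made for this example.

```python
import math
import re

# Standard English-language Scrabble tile values.
TILE_VALUES = {
    **dict.fromkeys("aeilnorstu", 1),
    **dict.fromkeys("dg", 2),
    **dict.fromkeys("bcmp", 3),
    **dict.fromkeys("fhvwy", 4),
    "k": 5,
    **dict.fromkeys("jx", 8),
    **dict.fromkeys("qz", 10),
}

# Constructed sample word list: the three words from the post plus one common word.
WORDS = {"zaitech", "xoanon", "dzho", "cat"}


def scrabble_score(word):
    """Face value of a word, ignoring board premiums and blank tiles."""
    return sum(TILE_VALUES[ch] for ch in word.lower())


def derived_from_wordlist(password, wordlist):
    """Return the base word if the password is word, word+score or score+word."""
    m = re.fullmatch(r"(\d*)([a-z]+)(\d*)", password.lower())
    if not m:
        return None
    prefix, word, suffix = m.groups()
    if word not in wordlist or (prefix and suffix):
        return None
    digits = prefix or suffix
    # The score is a deterministic function of the word, so it is not a secret.
    if digits in ("", str(scrabble_score(word))):
        return word
    return None


def guess_space_bits(wordlist_size, conventions=1):
    """Upper bound, in bits, on the candidates a policy check must cover."""
    return math.log2(wordlist_size * conventions)


if __name__ == "__main__":
    for pw in ("xoanon", "zaitech21", "17dzho", "xoanon99"):
        print(pw, "->", derived_from_wordlist(pw, WORDS))
```
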

But what if we had to play Scrabble instead of inputting a password? The system would generate seven letters and we would have to make a word that scored more than ten or used more than five characters. For strong authentication we would have to make two connected words.

And really – would it be any less secure than the password madness we have now? It would certainly be more fun!

 

Scrabble is a registered trade mark of Mattel Inc.

Author: Andy Jones
