Cybersecurity

Password Security Gets Even More Complicated

Creating a secure password under the overarching paradigm of making it long, complex, but memorable is a difficult task, and often more art than science. For most, this means combining one or more words with a few numbers, and maybe a symbol. These will then get rearranged whenever they need to change their password. At the end of the day, this isn’t really a secure practice, as the password is typically something an adept social engineer could work out or could be easily cracked by brute force credential stuffing. So why would a password like “ji32k7au4a83,” which on the surface meets most of the criteria for complexity, show up in 141 data breaches?

Bad Password

BeeBright / IStock / Getty Images Plus / Getty Images

This question was posed by hardware/software engineer Robert Ou to his Twitter followers. He found the password while searching through data breach aggregator Have I Been Pwned, a service created by security researcher Troy Hunt. The site helps users track whether their personal data or email addresses have gotten wrapped up in a data breach. There is also a function to check if a particular password has turned up in a breach so that you either pick a different one, or as a pretty stark reminder to change it if you’re already using it.

To get the answer, like several of Ou’s Twitter followers did, you need to employ a little bit of cross-cultural thinking. The password “ji32k7au4a83″ is a byproduct of using a Zhuyin Fuhao system, which employs Unicode to transliterate Mandarin Chinese. In the end, “ji32k7au4a83″ translates to English as “mypassword,” which is not exactly secure.

If you’re interested in more detail about how the transliteration works, Rhett Jones of Gizmodo reached out to a graduate student in linguistics for clarity. You can find that discussion here.

In the end, if you’re struggling to keep all of your increasingly complex passwords safe, a password manager is a safe way to go. Tech review site Wirecutter recommends LastPass, though also suggests considering 1Password and Dashlane. While these are not without their problems, they certainly make tracking and generating complex passwords a whole lot easier.