Strong passwords: The mathematical power of 3 random words
It’s hard to imagine that three random words have the power to both map the globe and keep your private data secure. The secret behind this power is just a little bit of math.
What3words is an app and web-based service that provides a geographic reference for every 3-meter-by-3-meter square on Earth using three random words. If your brain operates more naturally in the English measurement system, 3 meters is about 9.8 feet. So, you could think of them as roughly 10-foot-by-10-foot squares, which is about the size of a small home office or bedroom. For example, there’s a square in the middle of the Rochester Institute of Technology Tigers Turf Field coded to brilliance.bronze.inputs.
This new approach to geocoding is useful for several reasons. First, it’s more precise than regular street addresses. Also, three words are easier for humans to remember and communicate to one another than, say, detailed latitude and longitude measurements. This makes the system well suited for emergency services. Seeing these advantages, some car manufacturers are starting to integrate what3words into their navigation systems.
Here’s how three random words in English or any other language can identify such precise locations across the whole planet. The key concept is ordered triples.
Start with the basic assumption that the Earth is a sphere, recognizing that this is an approximate truth, and that its radius is approximately 3,959 miles (6,371 kilometers). To compute the surface area of the Earth, use the formula 4πr². With r = 3,959 miles (6,371 kilometers), this works out to approximately 197 million square miles (510 million square kilometers). Remember: What3words is using 3-meter-by-3-meter squares, each of which contains 9 square meters of surface area. So, working in the metric system, Earth’s surface area is equivalent to 510 trillion square meters. Dividing 9 into 510 trillion reveals that uniquely identifying each square requires around 57 trillion ordered triples of three random words.
An ordered triple is just a list of three things in which the order matters. So “brilliance.bronze.inputs” would be considered a different ordered triple than “bronze.brilliance.inputs”. In fact, in the what3words system, bronze.brilliance.inputs is on a mountain in Alaska, not in the middle of the RIT Tigers Turf Field, like brilliance.bronze.inputs.
The next step is figuring out how many words there are in a language, and whether there are enough ordered triples to map the globe. Some scholars estimate there are more than a million English words; however, many of them are very uncommon. But even using only common English words, there are still plenty to go around. You can find many word lists online.
The developers at what3words came up with a list of 40,000 English words. (The what3words system works in 50 different languages with independently assigned words.) The next question is determining how many ordered triples of three random words can be made from a list of 40,000 words. If you allow repeats, as what3words does, there would be 40,000 possibilities for the first word, 40,000 possibilities for the second word, and 40,000 possibilities for the third word. The number of possible ordered triples would then be 40,000 times 40,000 times 40,000, which is 64 trillion. That provides plenty of “three random word” triples to cover the globe. The excess combinations also allow what3words to eliminate offensive words and words that would be easily confused for one another.
Passwords you can actually remember
While the power of three random words is being used to map the Earth, the U.K. National Cyber Security Centre (NCSC) is also advocating their use as passwords. Password selection and related security analysis are more complicated than attaching three words to small squares of the globe. But a similar calculation is illuminating. If you string together an ordered triple of words – such as brilliancebronzeinputs – you get a nice long password that a human should be able to remember far more easily than a random string of letters, numbers and special characters designed to meet a set of complexity rules.
If you increase your word list beyond 40,000, you’ll get even more possible passwords. Using the “Corncob list” of 58,000 English words, you could generate more than 195 trillion “three random word”-style passwords.
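The counting used for both the map squares and the passwords can be carried through in code. The following Python sketch is an added example, not part of the original article: its function names and the short sample word list are constructed for illustration. The entropy figure it reports holds only when each word is drawn uniformly at random, which is why it uses the `secrets` module.

```python
import math
import secrets

# Constructed sample list; a real one would hold tens of thousands of words.
SAMPLE_WORDS = ["brilliance", "bronze", "inputs", "Bronze", " inputs",
                "to", "harbor", "velvet", "lantern", "orbit"]

EARTH_RADIUS_M = 6_371_000   # radius used in the article
SQUARE_AREA_M2 = 9           # one 3 m x 3 m square


def clean_wordlist(words, min_len=4):
    """Normalise case/whitespace, drop short or non-alphabetic entries and
    duplicates, so each remaining word is equally likely to be drawn."""
    cleaned = []
    seen = set()
    for raw in words:
        word = raw.strip().lower()
        if len(word) >= min_len and word.isalpha() and word not in seen:
            seen.add(word)
            cleaned.append(word)
    return cleaned


def ordered_tuples(list_size, n_words=3):
    """Ordered selections with repeats allowed: list_size ** n_words."""
    return list_size ** n_words


def entropy_bits(list_size, n_words=3):
    """log2 of the search space, valid only for uniform random selection."""
    return n_words * math.log2(list_size)


def squares_on_earth():
    """Surface area 4*pi*r^2 divided into 9 m^2 squares."""
    return 4 * math.pi * EARTH_RADIUS_M ** 2 / SQUARE_AREA_M2


def generate_passphrase(words, n_words=3, sep=""):
    """Draw each word independently with the OS CSPRNG (not `random`)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    words = clean_wordlist(SAMPLE_WORDS)
    print(generate_passphrase(words, sep="."))
    for size in (40_000, 58_000):  # list sizes quoted in the article
        print(size, ordered_tuples(size), round(entropy_bits(size), 1))
    print(round(squares_on_earth() / 1e12, 1), "trillion squares")
```

Deduplicating the list before drawing matters: a repeated entry would make one word more likely than the others and overstate the real size of the search space.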
It’s important to note that there are a fair number of trade-offs among the different approaches to password selection and complexity rules. So, while “three random words” doesn’t give you a fail-safe for password security, the complexity of language does provide some amazing power in this realm as well.
This article is republished from The Conversation under a Creative Commons license.