Creating a Password: The user first selects a picture that is interesting to him. The user then randomly selects 16 words from a dictionary (I strongly recommend using a computer program to help with this random selection). The user may select 4 of these 16 words to form a password. The user should store the picture publically in a convenient location (file on the computer, public web site, printed photo carried in wallet etc…). The user does not need to worry about hiding the picture. He should also publically note which account the picture is being linked to.


Memorize Password: The user creates a story involving these four words inside the picture. The user can create any story he wants, but we would recommend stories that are unusual or surprising.


Rehearse Password:  Rehearse the password after 1 day, then after 4 days, then after 8 days, 16 days ….(logging in to the site counts as a rehearsal.)


Recall Password: The user looks at the picture, remembers the corresponding words and enters his password.



                                                                    Password Management



Example Password Creation: I selected a photo of the Russell Glacier as my cue, and used a computer program to select 16 random words from my dictionary. Four of the sixteen words were: march, boats, brie, and swim.


Recommendations: I always sort the words so that you don’t have to remember the order. I use a separate picture and story for each account. The same picture should not be reused for multiple stories. I use a smaller dictionary (~20,000 common words) so that I am familiar with most of the words in the dictionary. Once again I strongly recommend using a computer program to select truly random words.  If you select random words yourself then you might subconsciously select words that are correlated with the picture, which could make it easier for an adversary to guess your password.


Pick Interesting Photos: Interesting photos are better cues. They provide a richer context under which associations can be formed. I would recommend that you pick a photograph with some open space so that you have places to store the words in your story. If you don’t want to find your own photos then you could use one of my photos. You can look at the pictures I use here (warning the page will take a long time to load!). If you want to look at the pictures individually you can find them in this folder.


Pick Surprising Stories: Making a surprising story requires some creativity and effort. Surprising stories grab our attention. Surprising stories are easier to remember.




            Brie                                                             March

           Boats                                      Swim (Michael Phelps)

I imagined a *march*ing band marching off the right side of the glacier and falling into the water beneath. I imagined boats floating in the water with brie cheese tied to the back of the boats. I imagined Michael Phelps *swim*ming behind the boats trying to catch the brie cheese in his mouth.

I make special note of a few potential points of confusion: 1) there are multiple boats in the water - singular vs plural 2) the word is march (not marching) and swim (not swimming) – verb tense 3) I am looking for the word swim (not the Olympic gold medalist Michael Phelps).

To avoid confusion I always use the words in alphabetical order. In this case my password would be: boatsbriemarchswim.


Looking at the rules below I see that I need to modify my password: B04tbr13m4rcsw1m









Text Box: Russell Glacier (PNC Bank)
Rules: Capital letter, maximum length sixteen, must include a number





Common Restrictions: Some web sites have annoying restrictions on the passwords (e.g., maximum length is sixteen characters, must include an uppercase letter, must include a number, and/or must include a special symbol). If the maximum length is 16 then I use the first four letters of each word. If the password needs to include a uppercase letter then I always capitalize the first letter. If the password must include a number then I substitute vowels with numbers (e.g., I use e = 3, i=1, o = 0, a = 4, u = 8. These substitutions are not private so I can safely write them down and even publish them). If the password requires a special symbol then I add and exclamation mark (!) to the end of the password. I make a note of the rules that I had to use to use to overcome the restrictions. You do not have to hide this note as it does not affect the security of the password.

Security Analysis: If used correctly this password management scheme is highly secure! An adversary who has seen multiple passwords will most likely fail to crack your passwords. There are around 160,000,000,000,000,000 possible passwords that the adversary would need to try to guess your password. This is true even if

1)     The adversary knows how you are picking your passwords.

2)     The adversary has seen the pictures that you are using as cues.

3)     The adversary knows the rules you are using to overcome common restrictions.