Security Research
Showing results for 
Search instead for 
Do you mean 

Four legs good: Recent advances in secure password generation

Angela_Gunn on ‎04-01-2014 02:53 PM

Recent testing by HP Security Research indicates that the average housecat is measurably more effective than human computer operators at generating passwords of appropriate strength.


In testing conducted in field research facilities, researchers found that allowing a housecat of average size and mobility to interact with a stationary computer keyboard for at least four seconds resulted in strings of at least ten characters in length, using multiple character classes, with no incidence of dictionary-word usage reported. In contrast, passwords generated by humans under the same constraints resulted in the strings “password,” “12345678,” and “PASSWORD.”


security-cat.jpgIn addition, the cats in testing evidenced a near-perfect ability to abide by rules concerning periodic password resets. In all but one test, the felines reliably generated a new password at every presented opportunity. In contrast, human volunteers were observed making concerted attempts to evade password-reset requirements, repeatedly submitting the same password in a different case or adding a single exclamation point to a previously used word.


“Frankly, we should have seen this coming,” stated researcher Jane Foster. “I can’t convince my mother to stop using ‘hellothere’ on every single account she’s got, including her bank. Combine that with the constant stream of LOLcat photos she sends me each day and the solution was obvious.”


Researchers tested five feline password-generation techniques, listed in decreasing order of efficacy:


Laterally Extruded Airborne Procedure (LEAP) – Overall, cat-initiated motions such as LEAP proved most efficient at delivering password strings of appropriate length and complexity.


Biometric Unscheduled Manual Procedure (BUMP) – Testing involving cats manually placed in proximity to keyboards resulted in passwords of great variability, depending on whether the feline research subject deployed adjacent objects such as full coffee cups in the BUMP process.


Directionally Rigid Orthogonal Procedure (DROP) – Researchers testing this method noted a number of timing issues, as the feline subjects were subject to gravity in their interactions with the keyboard. Cats involved in DROP testing evidenced confusion at their state change, with most attempting to climb back onto the attending researchers.


Feline Lofted Identity Nonce Generation (FLING) – Passwords generated by the FLING method were notably shorter than those generated by other methods; in addition, the research team found it difficult to replicate their methods, as the cats rapidly became hostile to further contact.


Propulsion Uncontrolled, No Traction (PUNT) – Strongly contraindicated, with significant subsequent harm to researchers involved in testing. (Researchers engaged in PUNT testing did not control sufficiently for cats’ ability to deliver secondary testing results to researchers’ calves and/or unoccupied shoes.)


Researchers noted that all mammals involved in testing volunteered their services, though it is suspected that the cats were enticed by the presence of computer mice, while the humans preferred cookies.


The single drawback revealed by the HPSR project – the lack of ability of the cats to make note of and re-enter their passwords – was dismissed as trivial by researchers, who noted that both human and feline volunteers give up and have a reset link emailed to them most of the time.


Further research results are scheduled for delivery next April 1.

About the Author


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
1-3 December 2015
Discover 2015 London
Discover 2015 in London, the ultimate showcase technology event for business and IT professionals to learn, connect, and grow.
Read more
November 2015
Software Online Expert Days
Join us online to talk directly with our Software experts.
Read more
View all