Security Research
Showing results for 
Search instead for 
Do you mean 

Four legs good: Recent advances in secure password generation

Angela_Gunn on ‎04-01-2014 02:53 PM

Recent testing by HP Security Research indicates that the average housecat is measurably more effective than human computer operators at generating passwords of appropriate strength.


In testing conducted in field research facilities, researchers found that allowing a housecat of average size and mobility to interact with a stationary computer keyboard for at least four seconds resulted in strings of at least ten characters in length, using multiple character classes, with no incidence of dictionary-word usage reported. In contrast, passwords generated by humans under the same constraints resulted in the strings “password,” “12345678,” and “PASSWORD.”


In addition, the cats in testing evidenced a near-perfect ability to abide by rules concerning periodic password resets. In all but one test, the felines reliably generated a new password at every presented opportunity. In contrast, human volunteers were observed making concerted attempts to evade password-reset requirements, repeatedly submitting the same password in a different case or adding a single exclamation point to a previously used word.


“Frankly, we should have seen this coming,” stated researcher Jane Foster. “I can’t convince my mother to stop using ‘hellothere’ on every single account she’s got, including her bank. Combine that with the constant stream of LOLcat photos she sends me each day and the solution was obvious.”


Researchers tested five feline password-generation techniques, listed in decreasing order of efficacy:


Laterally Extruded Airborne Procedure (LEAP) – Overall, cat-initiated motions such as LEAP proved most efficient at delivering password strings of appropriate length and complexity.


Biometric Unscheduled Manual Procedure (BUMP) – Testing involving cats manually placed in proximity to keyboards resulted in passwords of great variability, depending on whether the feline research subject deployed adjacent objects such as full coffee cups in the BUMP process.


Directionally Rigid Orthogonal Procedure (DROP) – Researchers testing this method noted a number of timing issues, as the feline subjects were subject to gravity in their interactions with the keyboard. Cats involved in DROP testing evidenced confusion at their state change, with most attempting to climb back onto the attending researchers.


Feline Lofted Identity Nonce Generation (FLING) – Passwords generated by the FLING method were notably shorter than those generated by other methods; in addition, the research team found it difficult to replicate their methods, as the cats rapidly became hostile to further contact.


Propulsion Uncontrolled, No Traction (PUNT) – Strongly contraindicated, with significant subsequent harm to researchers involved in testing. (Researchers engaged in PUNT testing did not control sufficiently for cats’ ability to deliver secondary testing results to researchers’ calves and/or unoccupied shoes.)


Researchers noted that all mammals involved in testing volunteered their services, though it is suspected that the cats were enticed by the presence of computer mice, while the humans preferred cookies.


The single drawback revealed by the HPSR project – the lack of ability of the cats to make note of and re-enter their passwords – was dismissed as trivial by researchers, who noted that both human and feline volunteers give up and have a reset link emailed to them most of the time.


Further research results are scheduled for delivery next April 1.

0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all