Researchers make weak passwords strong with CAPTCHAs plus an algorithm

Researchers have found a way to get around the persistent problem of remembering passwords: break them in two in such a way that one part is easy to remember and is used to encrypt and decrypt the other part, which is long and complex.

The Java-based method employs CAPTCHAs as the vehicle to store the complex halves of passwords, says a team led by researchers at the Max Planck Institute for Physics in Dresden, Germany, in their paper "The weak password problem: chaos, criticality, and encrypted p-CAPTCHAs."

These CAPTCHA images are encrypted using the simple half of the password in combination with a class of mathematical algorithms known as chaotic lattices, says Konstantin Kladko, one of the paper's authors, who works at Axioma Research in Palo Alto, Calif.

To retrieve the complex half of the password, users enter the easy-to-recall password fragment and the algorithm decrypts the CAPTCHA. Users copy the password from the CAPTCHA to decrypt protected files, Kladko says.

He says his team expects that within a month or so it will set up a Web page where users can download a Java applet that performs the encryption and decryption.