Password The Game Word List

Password the game word list

  1. Words For The Game Password
  2. Password The Game Word List Generator

The table below shows examples of a simple password that is progressively made more complex. The first column lists simple words that are easy to remember and are found in the dictionary. The second column is a modification of the first column. The last column shows how the simple password is converted into one that is harder to figure out. If you click the words under the image, it will take you to the post with instructions on how to use the printable. Hopefully this page can help you find the game you’re looking for. Here’s some various word lists I’ve made that you can print out and cut up. This comprehensive Christmas and winter holiday vocabulary word list can be used in the classroom in so many ways. Use it to inspire word walls, word searches, puzzles, Hangman and Bingo games, crafts, worksheets, story starters, creative writing word banks, and a variety of elementary lesson plans in almost any subject.

The contestant had 60 seconds to guess 10 passwords beginning with consecutive letters of the alphabet, with the celebrity giving one-word clues as in the main game. The celebrity could see only the current password until the contestant either guessed it or passed. The word 'passphrase' is used to convey the idea that a password, which is a single word, is far too short to protect you and that using a longer phrase is much better. The increased length can allow for a greater number of possibilities overall, even if you use a passphrase made of random words to help you remember it.

Note: Just looking for the word lists?

  • Click here for EFF's long word list (for use with five dice) [.txt],
  • Click here for EFF's general short word list (for use with four dice) [.txt], and
  • Click here for EFF's short word list (with words that have unique three-character prefixes) [.txt].

Randomly-generated passphrases offer a major security upgrade over user-chosen passwords. Estimating the difficulty of guessing or cracking a human-chosen password is very difficult. It was the primary topic of my own PhD thesis and remains an active area of research. (One of many difficulties when people choose passwords themselves is that people aren't very good at making random, unpredictable choices.)

Measuring the security of a randomly-generated passphrase is easy. The most common approach to randomly-generated passphrases (immortalized by XKCD) is to simply choose several words from a list of words, at random. The more words you choose, or the longer the list, the harder it is to crack. Looking at it mathematically, for k words chosen from a list of length n, there are nk possible passphrases of this type. It will take an adversary about nk/2 guesses on average to crack this passphrase. This leaves a big question, though: where do we get a list of words suitable for passphrases, and how do we choose the length of that list?

Several word lists have been published for different purposes; thus far, there has been little scientific evaluation of their usability. The most popular is Arnold Reinhold's Diceware list, first published in 1995. This list contains 7,776 words, equal to the number of possible ordered rolls of five six-sided dice (7776=65), making it suitable for using standard dice as a source of randomness. While the Diceware list has been used for over twenty years, we believe there are several avenues to improve the usability and are introducing three new lists for use with a set of five dice (as part of its Summer Security Reboot Campaign, EFF is providing a dice set to donors).

Enhancements over the Diceware list

The Diceware list can provide strong security, but offers some challenges to usability. In particular, some of the words on the list can be hard to memorize, hard to spell, or easy to confuse with another word.

Password clue list
  • It contains many rare words such as buret, novo, vacuo
  • It contains unusual proper names such as della, ervin, eaton, moran
  • It contains a few strange letter sequences such as aaaa, ll, nbis
  • It contains some words with punctuation such as ain't, don't, he'll
  • It contains individual letters and non-word bigrams like tl, wq, zf
  • It contains numbers and variants such as 46, 99 and 99th
  • It contains many vulgar words
  • Diceware passwords need spaces to be correctly decoded, e.g. in and put are in the list as well as input.
Password The Game Word List

Note that several of these problems are exacerbated for users with a soft keyboard or other typing systems that relies on word recognition. Using only valid dictionary words makes this setup much easier.

Our new 'long' list

Our first new list matches the original Diceware list in size (7,776 words (65)), offering equivalent security for each word you choose. However, we have fixed the above problems, resulting in a list that is hopefully easy to type and remember.

We based our list off of data collected by Ghent University's Center for Reading Research. The Ghent team has long studied word recognition; you can participate yourself in their online quiz to measure your English vocabulary. This list gives us a good idea of which words are most likely to be familiar to English speakers and eliminates most of the unusual words in the original Diceware list. This data also includes 'concreteness' ratings for each words, from very concrete words (such as screwdriver) to very abstract words (such as love).

Words For The Game Password

We took all words between 3 and 9 characters from the list, prioritizing the most recognized words and then the most concrete words. We manually checked and attempted to remove as many profane, insulting, sensitive, or emotionally-charged words as possible, and also filtered based on several public lists of vulgar English words (for example this one published by Luis von Ahn). We further removed words which are difficult to spell as well as homophones (which might be confused during recall). We also ensured that no word is an exact prefix of any other word.

The result is our own list of 7,776 words [.txt] suitable for use in dice-generated passphrases. The words in our list are longer (7.0 characters) on average, than Reinhold's Diceware list (4.3 characters). This is a result of banning words under 3 characters as well as prioritizing familiar words over short but unusual words.

Note that the security of a passphrase generated using either list is identical; the differences are in usability, including memorability, not in security. For most uses, we recommend a generating a six-word passphrase with this list, for a strength of 77 bits of entropy. ('Bits of entropy' is a common measure for the strength of a password or passphrase. Adding one bit of entropy doubles the number of guesses required, which makes it twice as difficult to brute force.) Each additional word will strengthen the passphrase by about 12.9 bits.

Our new 'short' lists

We are also introducing new lists containing only 1,296 words (64), suitable for use with four six-sided dice. By reducing the number of words in the list, we were able to use words with a maximum of five characters. This can lead to more efficient typing for the same security if it requires fewer characters to enter N short words than N-1 long words.

Password The Game Word List Generator

Passphrases generated using the shorter lists will be weaker than the long list on a per-word basis (10.3 bits/word). Put another way, this means you would need to choose more words from the short list, to get comparable security to the long list—for example, using eight words from the short will provide a strength of about 82 bits, slightly stronger than six words from the long list.

The first short list [.txt] is designed to include the 1,296 most memorable and distinct words. Our hope is that this approach might offer a usability improvement for longer passphrases. Further study is need to determine conclusively which list will yield passphrases that are easier to remember.

Finally, we're publishing one more short list [.txt] which with a few additional features making the words easy to type:

  • Each word has a unique three-character prefix. This means that future software could auto-complete words in the passphrase after the user has typed the first three characters
  • All words are at least an edit distance of 3 apart. This means that future software could correct any single typo in the user's passphrase (and in many cases more than one typo).

We've added these features in the hope that they might be used by software in the future that was specially designed to take advantage of them, but will not offer a significant benefit today so this list is mostly a proof-of-concept for individual users. Software developers might be able to find interesting uses for this list.

Summary

Password The Game Word List

Different lists might be preferable in different situations, and that's perfectly fine. For example, you might consider using one of the short lists when you are prioritizing ease of remembering, or when you know that the highest level of passphrase strength is not necessary. This might cover a website login that offers additional protections, like two-factor authentication, and that rate-limits guesses to protect against brute force.

If you are typing the passphrase frequently (as opposed to using a passphrase database), you might prioritize reducing the length of the words. Our long list has an average length of 7.0 characters per word, and 12.9 bits of entropy per word, yielding an efficiency of 1.8 bits of entropy per character. Our short list has an average length of 4.5 characters per word, and 10.3 bits of entropy per word, yielding 2.3 bits of entropy per character. Our typo-tolerant list is much less efficient at only 1.4 bits of entropy per character. However, using a future autocomplete software feature, only three characters would need to be typed per word, in which case this would be the most efficient list to use at 3.1 bits of entropy per character typed.

You might find the shorter average length in the original Diceware list to be preferable. That's perfectly fine as well, given the caveats we mentioned about the difficulty of using this list. Note that the original Diceware list offers 3.0 bits of entropy per character and hence less typing. As discussed above, we feel the large number of short words in this list (including single letters and bigrams) are hard to remember and hence a bad tradeoff to decrease typing time.

Since passphrases are individually chosen, it's okay for multiple lists to exist. In fact, this might even increase security, as it means the attacker has some uncertainty about which list was used to generate a passphrase.

We think our lists will be useful for people generating passphrases using EFF's dice (or otherwise), though they certainly aren't the last word on the matter. There's plenty of room for further research and experimentation on memorability and ways of optimizing lists and we hope people will keep exploring this area.

Support EFF's work during our Summer Security Reboot!

What it is: A talking, guessing game for four players

Best for: Teens to adults

What you need:

  • Only a list of words (and I’ve gotplenty for you)

How to play: You play password with two teams of two. There’s one word (the password) that one player on each team knows, and both are trying to get their teammate to guess the word first by taking turns giving one-word clues.

Here’s how it works.

Let’s say our players are Ben and Brooke (on one team) and Dan and Donna (on the other team).

Each team chooses one player to go first. We’ll say Ben and Dan. Using a word generator or paper slips or cards with words written on them, one word is chosen, the word that will be the password for both of them. We’ll say it’s “key.”

Ben and Dan both know the password, while it’s kept secret from Brooke and Donna.

Once Ben and Dan both know the password, the game can start. One of them will go first, say Ben. He gets a chance to get his teammate Brooke to guess the password. The trick is, Ben can only give a one-word clue. He might say “lock.” With her one-word clue, Brooke thinks and makes a one-word guess as to what the password might be. She might say, “door?” Because she guesses incorrectly, it’s now Dan and Donna’s turn.

Dan can now give Donna a one-word clue. He might say “metal.” Now Donna has the benefit of knowing Dan’s clue (metal) as well as Ben’s (lock). But she might still guess incorrectly and say, “safe?”

Now it’s Ben’s turn again. He thinks hard and gives the clue “unlock.” It’s Brooke’s turn to guess, and now she has three clues to work with: lock, metal, and unlock. That might be enough for her to correctly guess, “key?”

Play goes back and forth between the two teams, as many turns as it takes, until someone guesses the password. Once someone correctly guesses the password, the round is over, that team gets a point, and you start another round. Switch roles first, so Brooke and Donna are giving the clues and Ben and Dan are guessing. Every two rounds, switch which team goes first.

That’s the basic gameplay! It’s simple and might even seem boring, but it can actually get really funny. You might have seen the game played on the Tonight Show with Jimmy Fallon.

The game is also a fun test as to how well two players know each other. The more you know about your partner and the way they think, the better chance you have of figuring out their clues. For example, once when my husband and I were playing, the password was stomp. The other team had given the clue foot, and it was my turn to give my husband a clue. Our three-year-old daughter was going through a very stubborn phase where she was apt to throw mini tantrums, so I only had to say Annelise for my husband to know exactly what I was talking about. 🙂

As for what words to use, the word lists for catchphrase, either easy or medium, might work well. My online or app form word generator is a great resource. Multi-meaning words like organ and wave are always interesting, because the clue-givers can say any one-word clue they want, even if they use a different definition of the password that has previously been used. The same goes for words like coach or bruise that can be either verbs or nouns.

Rules: Like in catchphrase, rhyming words are not allowed as clues. So, for example, if the password were sassy and someone, after a few rounds, tried to use the word Lassie as a clue, that would be against the rules, because sassy and Lassie have no relation except for the fact that they rhyme (well, unless you have a pet dog named Lassie with some serious sass). The same goes for using clue words simply because they have the same first letter as the password.

Variations: The game is similar to catchphrase.

Other Related Games and Posts