
Memorability based on simple shapes

The first set of "memorable" passwords that we define is a subset of those passwords that might reasonably be expected to carry meaning. We look at all strokes in the form of rectangles, and show that by combining two such strokes, we already reach the size of the dictionaries used to crack textual schemes. To be more precise, consider the set of rectangles within a $G \times G$ grid. Since a rectangle can be defined by two rows (the top and bottom edges of the rectangle) and two columns (the left and right edges), it is clear that the number $R(G)$ of rectangles on a $G \times G$ grid is

\begin{displaymath}
R(G)= {G \choose 2}^2 = \frac{1}{4}G^{2}(G-1)^{2}
\end{displaymath}

Each of these rectangles can be generated in many ways. For example, the starting point of a stroke can be at any of the corners, and the stroke direction can be clockwise or counter-clockwise. This yields 8 possibilities for each rectangle. In addition, one can choose whether to close the rectangle by returning to the starting cell or not, again doubling the possibilities. On a $5 \times 5$ grid, this amounts to 1600 possible strokes. Two such strokes in succession give $2.56 \times 10^{6}$ passwords, already roughly the size of the textual dictionary that contained the passwords of 25% of users in Klein's study [12]. Clearly we can generate a much larger set of passwords by considering variations on the theme of rectangles, or by considering other Gestalt forms [33].
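The count above can be checked by enumeration rather than by formula. The following is an added example, not code from the paper: it assumes a stroke is recorded as the ordered sequence of grid cells it passes through, builds every rectangle stroke (4 starting corners, 2 directions, open or closed), and uses a set to confirm that no two variants collapse into the same sequence. The function names are hypothetical.

```python
from itertools import combinations
from math import log2


def perimeter(r1, r2, c1, c2):
    """Border cells of a rectangle, clockwise from the top-left corner."""
    top = [(r1, c) for c in range(c1, c2)]
    right = [(r, c2) for r in range(r1, r2)]
    bottom = [(r2, c) for c in range(c2, c1, -1)]
    left = [(r, c1) for r in range(r2, r1, -1)]
    return top + right + bottom + left


def rectangle_strokes(G):
    """All distinct rectangle strokes on a G x G grid, as tuples of cells.

    Assumption: a stroke is the ordered list of cells visited.
    """
    strokes = set()
    for r1, r2 in combinations(range(G), 2):       # top and bottom rows
        for c1, c2 in combinations(range(G), 2):   # left and right columns
            cw = perimeter(r1, r2, c1, c2)
            for start in ((r1, c1), (r1, c2), (r2, c2), (r2, c1)):
                i = cw.index(start)
                clockwise = cw[i:] + cw[:i]
                # Same starting corner, remaining cells in reverse order
                counter = clockwise[:1] + clockwise[:0:-1]
                for path in (clockwise, counter):
                    strokes.add(tuple(path))             # left open
                    strokes.add(tuple(path + path[:1]))  # closed at the start cell
    return strokes


def summary(G, strokes_per_password=2):
    """Return (stroke count, password count, size of that set in bits)."""
    n = len(rectangle_strokes(G))
    passwords = n ** strokes_per_password
    return n, passwords, log2(passwords)


if __name__ == "__main__":
    n, passwords, bits = summary(5)
    print(f"{n} strokes, {passwords} two-stroke passwords, {bits:.1f} bits")
```

Because the set deduplicates, a result equal to $16 \cdot R(G)$ shows that the corner, direction and closure choices are independent, which the multiplication in the text takes for granted.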

