Words of Heart is a dating site that will match you to other people who use the same password you do. It’s also not a real thing. I mean, it is. But it’s also not.
The site works as intended, and does indeed pair you to other individuals using the same password as you. But it’s less about finding love, and more a thoughtful bit of social commentary that surfaced on Twitter last week and left the infosec world scratching their heads.
Humans are bad at passwords, this we know. Despite numerous data breaches each year, it remains difficult proving to actual internet users that “password” or “123456” aren’t exactly keeping prying eyes out of your Wells Fargo account.
Two-factor authentication? Forget about it.
As for Words of Heart, creator Kryzysztof Zając told Motherboard he “came up with the idea as a joke and decided it would be funny to implement it.”
Twitter agreed, mostly — after they finished debating whether or not it was a phishing scheme.
— Louise Matsakis (@lmatsakis) February 6, 2018
As art, the site works as intended: you enter a password and get matches based on that password. Trying it with the usual suspects (123456, password, love, 1111111, etc.) showed numerous matches, although none with actual contact details — which leads me to believe most are just toying with it as a humorous way to see if others share their passwords. As you’d expect, however, longer, more complex passwords yielded zero results.
It seems that no one shares my affinity for randomly generated, multi-format passwords (including upper and lower case, numbers, and symbols). And that’s a good thing. Well, unless you’re trying to find a date.