The Password Game: strategy & statistics

Last updated May 5, 2025

In The Password Game, you must choose a password while meeting increasingly absurd requirements. Many of the rules build on each other, so satisfying one could invalidate several others. This is what I will be focusing on in this guide. I was previously interested in attempting to create the shortest password, but watching a few speedruns that aim for minimum characters satisfied my curiosity and I highly doubt I could do better than 53 characters (the current record).

The explanation of how to solve the relevant rules is basically complete. There's a bit more I intended to talk about with regards to my methods, and a few more statistics I wanted to calculate (like how many YouTube URLs you'll likely need to try before finding one that doesn't completely screw you up), but I've decided to take a sort-of break. I already calculated how many hex colors have what sums by brute force, and copied the results to a file I can use without having to re-calculate them every time. It's perfectly in the scope of this article to do that, but the thing is that it's extremely mathematically interesting to me to figure out what the formula is for how many hex colors have what sums. So, I'm going to be elsewhere chirping about permutations and combinations for a while.

  1. How to solve
    1. Rule 9: The Roman numerals in your password should multiply to 35.
    2. Rule 10: Your password must include this CAPTCHA.
    3. Rule 12: Your password must include a two letter symbol from the periodic table.
    4. Rule 14: Your password must include the name of this country.
    5. Rule 15: Your password must include a leap year.
    6. Rule 16: Your password must include the best move in algebraic chess notation.
    7. Rule 18: The elements in your password must have atomic numbers that add up to 200.
    8. Rule 24: Your password must include the URL of a [randomly selected length] YouTube video.
    9. Rule 28: Your password must include this color in hex.
    10. Rules 32 & 33: Your password must include the length of your password; The length of your password must be a prime number.
    11. Rule 35: Your password must include the current time.
  2. Methods & calculations
    1. Digits in CAPTCHAs
    2. How long to get a CAPTCHA with no digits
    3. How many chess solutions end in check
    4. Atomic symbols in chess moves
    5. Digits in YouTube URLs

How to solve

Rule 9 (Roman numerals must multiply to 35)

This is the first rule that requires capital letters; everything else so far can be lowercase. XXXV (35) is the best option since the only element in it is a single V (atomic number 23). Anything else will include extra V's and I's, quickly eating into the limit for rule 18.

Rule 10 (CAPTCHA)

Refresh until you get a CAPTCHA with no digits, it takes about 17-28 seconds.

Rule 12 (two-letter atomic symbol)

Add He and remove it later if you need to.

Rule 14 (Geoguessr)

This doesn't disrupt any of the other rules since you can write the name of the country in all lowercase. But since I suggest starting the game over if you get certain chess puzzles, I figured I'd tell you how I get past this one. I look around to see if I can find the names of any streets, businesses, websites, etc and search for them. Most of the locations with no writing are distinct landmarks, so I Google Lens those.

Rule 15 (leap year)

Use the year 0. Some people argue that's not a real year, but the game accepts it!

Rule 16 (chess)

Lichess is a good place to learn how to play chess. 95% of the time you're looking to put your opponent in check (making one of your pieces one move away from capturing their king). The notation for your move will include, in order:

  1. A capital letter R, N, B, Q, or K if you moved a rook, knight, bishop, queen, or king, respectively. (No capital letter if you moved a pawn.)
  2. A lowercase x if your move captured a piece.
  3. A lowercase letter a-h indicating which column you moved to.
  4. A number 1-8 indicating which row you moved to.
  5. A plus sign if your move put the opponent in check.

There are other things algebraic chess notation can indicate, but none of the solutions in this game use them.

You usually won't have a hard time with elements in the chess move, but 10% of the solutions start with Bh, Nh, Rf, or Rg which have atomic numbers over 100. If you get one of those, it's probably worth starting the game over. Copy your password, refresh the page, paste it back in, and fix the CAPTCHA and Geoguessr country if you need to.

Rule 18 (atomic numbers must add to 200)

Any elements in your password should be highlighted in red. Note that the only completely necessary ones are the V in your Roman numeral, the one in your chess solution if it had one, and an additional two-letter atomic symbol if you need it. Every other rule so far can be in all lowercase. Start from 200 and subtract the atomic numbers of the elements in your password, then add the element with that number (if it exists and is valid—if you need elements that add to 120, you could use Og and He (118 + 2); if you need elements that add to 57, you can't use La due to the Roman numeral L but you can use Ba and H (56 + 1).)

Rule 24 (YouTube URL)

First, you need to find videos of the length you need. If the length is under 5 minutes, say 3:57, looking up "site:youtube.com "0:00 / 3:57"" on Google will get a bunch of videos of that length. If you're using Chrome, this also works with longer lengths. Some people report it working on other browsers by spoofing their user agent, but I haven't gotten that working personally. Instead, say the length I need is 20:34, I'd look up "20 minutes 34 seconds" on YouTube directly and try videos that are actually that long (plus or minus one second, which may be close enough to count) until I find a good one. It's a lot harder to find ones without Roman numerals or very high elements than it is to find ones with few digits. Also, the game accepts youtu.be links (e.g. youtu.be/cZFhf23SUoQ) if you want to keep your password tidy.

Rule 28 (hex color)

There are 16,777,216 possible colors and only a 0.7% chance of getting one that won't add digits. You probably have room for a few digits, though. After this rule, the only others you need are the prime-number length of your password (101 should be reasonable) and the time when you complete the game (you can plan ahead so that's 1:00 or 10:00). Between keeping Paul fed and using a color picker tool, checking each color will take a bit longer than checking the CAPTCHAs; let's say it takes 5 seconds. It takes a little over a minute to find one with a sum of 5 or lower:

Average time to find a hex color by maximum sum of digits
Maximum sum # of refreshes Approximate time
0 144 12 minutes
1 75 6 minutes 15 seconds
2 46 3 minutes 50 seconds
3 31 2 minutes 35 seconds
4 21 1 minute 45 seconds
5 15 1 minute 15 seconds

Rules 32 & 33 (must include length, which must be a prime number)

101 is the prime number whose digits have the lowest sum, and it happens to be a reasonable length for your password. I add several periods to my password to get it up to 101 characters, and then remove a few for the current time.

Rule 35 (current time)

Once you know about how long it'll take you to to complete all the previous rules, it helps to start such that you're likely to finish by 10:00 or 1:00. Or you could modify the time on your computer to be one of those times. After you submit your password, copy it when it asks "is this your final password?" and paste it back in so you don't have to completely retype it. You may have to fix some of the formatting though. After that, you've beaten The Password Game!

Methods & calculations used

I put the Python scripts I wrote on GitHub; I'll link to individual scripts as I discuss them. The main libraries I used are:

Digits in CAPTCHAs

I tried a few methods of gathering a list of all CAPTCHAs in the game. When I searched a few of the CAPTCHAs to see if the list was online, I found the larger set of CAPTCHA images they came from. Then I realized the game's JavaScript has a list of every CAPTCHA used:

  "2b827","2cg58","2g783","2x7bm","2ycn8","3bd8f","3bfnd","3den6","3ebnn","3nw7w","3ny45","3p4nn","3pe4g","3w2bw","4cn7b","4dgf7","5n245","5ng6e","6dd2y","6e6pn","6gnm3","6p7gx","6xxdx","7gmf3","7wnpm","7wyp4","7xd5m","7y2x4","8c23f","8gecm","8n5pn","8pfxx","8w754","8y63f","25egp","28x47","33p4e","34pcn","44xe8","47e4p","53wb8","58b5m","64m82","66wp5","73mnx","74eyg","75pfw","77n6g","88y52","264m5","387g2","573d8","52447","b5nmm","b6f2p","b28g8","b84xc","bbymy","bdg84","be3bp","bgd4m","bnc2f","bny4w","bw6n6","bw44w","c2fb7","c2pg6","c86md","cdcb3","cen55","cfc56","cffp4","cgcgb","cnwyc","cpc8c","d6fcn","d22bd","d378n","dbex3","dbfen","dd5w5","de45x","dn5df","dn26n","dpbyd","e7x45","ebcbx","ec6pm","ecd4w","en4n4","f6ne5","f75cx","fc6xb","g78gn","gc277","gfp54","ggd7m","gnc3n","gny6b","gw53m","m67b3","m3588","mgw3n","mm3nn","mp7wp","myc3c","n2by7","n3ffn","n373n","nbcgb","nbf8m","nbfx5","nbp3e","nc4yg","ndyfe","nf8b8","ng2gw","nnfx3","nnn5p","nnn57","ny8np","p2m6n","p4pde","pcede","pdyc8","pf5ng","pm363","pmf5w","w8f36","w52fn","wc2bd","wce5n","wg625","x3fwf","x4f7g","x4gg5","x6b5m","x38fn","xbcbx","xe8xm","xgcxy","xngxc","y4n6m","y5dpp","y5w28","y7mnm","y7x8p","yd755","yf424"

I copied this to a text file and calculated the sum of digits in each CAPTCHA:

Bar graph of how many CAPTCHAs have what sums.

The sums range from 0 to 24 and out of 149 CAPTCHAs, 12 of them have a sum of 0. It's also slightly more likely you'll get one with a low sum than a high one.

How long to get a CAPTCHA with no digits

With a 12/149 or 8.1% chance of getting a CAPTCHA whose sum is zero, how many times would you have to refresh to get one? I eventually learned this is a geometric distribution and the average number of attempts would be 149/12, or 12.4. (I previously used the Monte Carlo method and simulated refreshing the CAPTCHA until getting one with no digits 10,000 times.)

I timed myself refreshing the CAPTCHA in the game and found it takes about one second to read the CAPTCHA, tell if it has digits or not, and hit refresh. So, no more than 12 seconds to find one with no digits on average. I'm interested in a better time estimate though, what about how long it'll take 75-90% of the time? Turns out it takes no more than 17 seconds 75% of the time, and 28 seconds 90% of the time.

How many chess solutions end in check

Like the CAPTCHAs, the game's JavaScript contains a list of all chess puzzles in the game. (I put this list in a separate file because it's quite long.) For each puzzle, the solution (sol) is what I'm mainly interested in, though I looked up what "fen" was and found out it's the Forsyth-Edwards notation of which pieces are where on the board. I wrote a regular expression to find all the chess moves in the file and counted a total of 193 moves, 184 ending in check.

Atomic symbols in chess moves

In the same script as above, I used this periodic table in CSV format to count how many times each element appears in the chess puzzle solutions. This gives the following plot, which I've annotated:

Graph of the frequency of atomic numbers in the chess puzzle solutions. Most have no element, there are small clusters below 10 and above 100, and a few are scattered in the middle.

And the following text output:

Total moves: 193
Moves ending in check: 184
Moves containing an element: 80 

Atomic Number  Element
4              Be          3
5              B          14
7              N          15
10             Ne          7
19             K           1
41             Nb          1
45             Rh          8
60             Nd          3
75             Re          7
88             Ra          1
104            Rf          6
107            Bh          3
111            Rg          9
113            Nh          2
Name: count, dtype: int64

Digits in YouTube URLs