The Password Game: strategy & statistics

Last updated April 19, 2025

Under construction!!

In The Password Game, you must choose a password while meeting increasingly absurd requirements. Many of the rules build on each other, so satisfying one could invalidate several others. This is what I will be focusing on in this guide. I was previously interested in attempting to create the shortest password, but watching a few speedruns that aim for minimum characters satisfied my curiosity and I highly doubt I could do better than 53 characters (the current record).

The relevant rules

  1. Rule 5: The digits in your password must add up to 25.
  2. Rule 9: The Roman numerals in your password should multiply to 35.
  3. Rule 10: Your password must include this CAPTCHA: [randomly selected CAPTCHA]
  4. Rule 12: Your password must include a two letter symbol from the periodic table.
  5. Rule 15: Your password must include a leap year.
  6. Rule 16: Your password must include the best move in algebraic chess notation. [randomly selected chess puzzle]
  7. Rule 18: The elements in your password must have atomic numbers that add up to 200.
  8. Rule 24: Your password must include the URL of a [randomly selected length] YouTube video.
  9. Rule 28: Your password must include this color in hex: [randomly selected color]
  10. Rules 32 & 33: Your password must include the length of your password; The length of your password must be a prime number.
  11. Rule 35: Your password must include the current time.

How to solve them

Rule 5

Pick something like 55555 or 997 to start with and subtract from it as you go.

Rule 9

XXXV (35) is the best option; the only element in it is a single V (atomic number 23), whereas VII V (7 * 5) has two I's and two V's (2*23 + 2*53 = 152).

Rule 10

Refresh until you get a CAPTCHA with no digits (there are none with the digit 0 in them). There are 149 possible CAPTCHAs; 12 have no digits. If it takes 1 second to check if a CAPTCHA contains digits and hit refresh, on average it will take 12 seconds to find one with no digits.

Rule 12

Between the chess puzzle and YouTube URL, you'll probably end up including a two-letter atomic symbol eventually. For now, use He (atomic number 2) and remove it later if you want or need to.

Rule 15

Use the year 0. (Some people argue that's not a real year, but the game accepts it.)

Rule 16

Lichess is a good place to learn how to play chess. The solution to 184 of the 193 puzzles puts your opponent in check (with your piece one move away from capturing their king), so that narrows down what to look for. The notation for your move will include, in order:

  1. A capital letter R, N, B, Q, or K if you moved a rook, knight, bishop, queen, or king, respectively. (No capital letter if you moved a pawn.)
  2. A lowercase x if your move captured a piece.
  3. A lowercase letter a-h indicating which column you moved to.
  4. A number 1-8 indicating which row you moved to.
  5. A plus sign if your move put the opponent in check.

There are other things algebraic chess notation can indicate, but none of the solutions in this game use them. As for the atomic numbers, you usually won't have too hard of a time:

Graph of the frequency of atomic numbers in the chess puzzle solutions. Most have no element, there are small clusters below 10 and above 100, and a few lie in the middle.

113 of the solutions don't contain an element, and 32 have an element numbered 10 or lower, so there's a 75.1% chance your YouTube URL can contain elements that add up at least to 190. However, 20 of the solutions (10.4%) contain Bh, Nh, Rf, or Rg which have atomic numbers over 100. If you get one of those, it may be worth it to start the game over and try for a different puzzle. Copy your password so far and paste it back in after refreshing the page, then fix the CAPTCHA and Geoguessr country if you get different ones.

Rule 18

Any elements in your password should be highlighted in red. Note that the only completely necessary ones are the V in your Roman numeral, the one in your chess solution if it had one, and an additional two-letter atomic symbol if you need it. Every other rule so far can be in all lowercase. Start from 200 and subtract the atomic numbers of the elements in your password, then add the element with that number (if it exists and is valid—if you need elements that add to 120, you could use Og and He (118+2); if you need elements that add to 57, you can't use La due to the Roman numeral L but you can use Ba and H (56+1).)

Rule 24

First, you need to find videos of the length you need. If the length is under 5 minutes, say 3:57, looking up "site:youtube.com "0:00 / 3:57"" on Google will get a bunch of videos of that length. If you're using Chrome, this also works with longer lengths. (Some people report it working on other browsers by spoofing their user agent, but I haven't gotten that working personally.) Instead, say the length I need is 20:34, I'd look up "20 minutes 34 seconds" on YouTube directly and try videos that are actually that long (plus or minus one second, which may be close enough to count) until I find a good one. In my experience, the hardest limits are finding ones without Roman numerals or very high elements. Also, the game accepts youtu.be links (e.g. youtu.be/cZFhf23SUoQ) if you want to keep your password tidy.

Rule 28

There are 16,777,216 possible colors and only a 0.7% chance of getting one that won't add digits. You probably have room for a few digits, though. After this rule, the only other digits you need are the prime-number length of your password (101 should be reasonable) and the time when you complete the game (you can plan ahead so that's 1:00 or 10:00). Between keeping Paul fed and using a color picker tool, checking each color will take a bit longer than checking the CAPTCHAs; let's say it takes 5 seconds.

Average time to find a hex color by maximum sum of digits
Maximum sum # of refreshes Approximate time
0 144 12 minutes
1 75 6 minutes 15 seconds
2 46 3 minutes 50 seconds
3 31 2 minutes 35 seconds
4 21 1 minute 45 seconds
5 15 1 minute 15 seconds

Finding a color with digits that add to 5 or lower takes a little over a minute, and if you know you can afford more digits you can find a suitable color even faster.

Rules 32 & 33

101 is the prime number whose digits have the lowest sum, and it happens to be a reasonable length for your password. I add several periods to my password to get it up to 101 characters, and then remove a few for the current time.

Rule 35

Perhaps you got lucky and still have a few digits to work with here, but once you know about how long it'll take you to to complete all the previous rules, it helps to start such that you're likely to finish by 10:00 or 1:00. Or you could modify the time on your computer to be one of those times, I don't do that though. After you submit your password, copy it when it asks "is this your final password?" and paste it back in so you don't have to completely retype it. You may have to fix some of the formatting though. After that, you've beaten The Password Game!

Methods & calculations used

CAPTCHA sums

I tried a few methods of gathering a list of all CAPTCHAs in the game. When I searched a few of the CAPTCHAs to see if the list was online, I found the larger set of CAPTCHA images they came from. Then I realized the game's JavaScript has a list of every possible CAPTCHA:

  "2b827","2cg58","2g783","2x7bm","2ycn8","3bd8f","3bfnd","3den6","3ebnn","3nw7w","3ny45","3p4nn","3pe4g","3w2bw","4cn7b","4dgf7","5n245","5ng6e","6dd2y","6e6pn","6gnm3","6p7gx","6xxdx","7gmf3","7wnpm","7wyp4","7xd5m","7y2x4","8c23f","8gecm","8n5pn","8pfxx","8w754","8y63f","25egp","28x47","33p4e","34pcn","44xe8","47e4p","53wb8","58b5m","64m82","66wp5","73mnx","74eyg","75pfw","77n6g","88y52","264m5","387g2","573d8","52447","b5nmm","b6f2p","b28g8","b84xc","bbymy","bdg84","be3bp","bgd4m","bnc2f","bny4w","bw6n6","bw44w","c2fb7","c2pg6","c86md","cdcb3","cen55","cfc56","cffp4","cgcgb","cnwyc","cpc8c","d6fcn","d22bd","d378n","dbex3","dbfen","dd5w5","de45x","dn5df","dn26n","dpbyd","e7x45","ebcbx","ec6pm","ecd4w","en4n4","f6ne5","f75cx","fc6xb","g78gn","gc277","gfp54","ggd7m","gnc3n","gny6b","gw53m","m67b3","m3588","mgw3n","mm3nn","mp7wp","myc3c","n2by7","n3ffn","n373n","nbcgb","nbf8m","nbfx5","nbp3e","nc4yg","ndyfe","nf8b8","ng2gw","nnfx3","nnn5p","nnn57","ny8np","p2m6n","p4pde","pcede","pdyc8","pf5ng","pm363","pmf5w","w8f36","w52fn","wc2bd","wce5n","wg625","x3fwf","x4f7g","x4gg5","x6b5m","x38fn","xbcbx","xe8xm","xgcxy","xngxc","y4n6m","y5dpp","y5w28","y7mnm","y7x8p","yd755","yf424"

I copied this to a text file named "captchas" and wrote a Python script to list the sum of each CAPTCHA.

import re

# track how many captchas have what sums
sum_counts = [0] * 26

# capture from captchas file (one line of alphanum strings enclosed in quotes)
captcha_list = open("captchas", "r").readline()
pattern = re.compile(r"\"([a-z0-9]+)\"")

# for each captcha, sum the digits in it
for match in re.finditer(pattern, captcha_list):
    sum_of_digits = sum(int(char) for char in match.group(1) if char.isdigit())
    # increment the appropriate sum count
    if sum_of_digits < 25:
        sum_counts[sum_of_digits] += 1
    else:
        sum_counts[25] += 1

# print results
print("Total CAPTCHAs:", sum(sum_counts), "\n")
print("Sum:\t# of CAPTCHAs:")
for i, count in enumerate(sum_counts[0:24]):
    print(i, "\t", count)
print(">=25\t", sum_counts[25])

This gives the following results:

Total CAPTCHAs: 149

Sum:    # of CAPTCHAs:
0        12
1        0
2        3
3        13
4        7
5        9
6        5
7        9
8        15
9        8
10       9
11       11
12       10
13       6
14       1
15       5
16       7
17       5
18       3
19       1
20       4
21       1
22       1
23       2
24       2
>=25     0

How long until a no-digit CAPTCHA?

Now that we know the chance of getting a CAPTCHA with a sum of 0 is 12/149, time to figure out how many times you have to refresh to get one. I thought about calculating that mathematically, but decided to use the Monte Carlo method and simulate refreshing the CAPTCHA until I got one with no digits 10,000 times.

import random
import numpy as np
import matplotlib.pyplot as plot

# set plot labels
plot.title("Refreshes until CAPTCHA with no digits")
plot.xlabel("Number of refreshes")
plot.ylabel("Frequency")

# probability of getting desired result
chance_of_result = 12/149
# estimated time it takes to try for the result in real life
seconds_per_attempt = 1
# number of times to run the simulation
num_trials = 10000
# will hold how many attempts it took in each trial
attempts_per_trial = []

# simulate trying for the desired result until you get it
for trial in range(num_trials):
  attempts = 0
  result = random.random() 
  while (not result < chance_of_result):
    result = random.random()
    attempts += 1
  # log how many attempts it took
  attempts_per_trial.append(attempts)

# print average number of attempts until desired result
avg_attempts = np.mean(attempts_per_trial)
print(avg_attempts, "attempts")

# print estimated time until desired result
time = avg_attempts * seconds_per_attempt
print(time // 60, "minutes", time % 60, "seconds")

# plot the data
plot.hist(attempts_per_trial, bins=range(max(attempts_per_trial)))
plot.show()

I ran the program and got an average of 11.5394 refreshes and the following plot:

Graph of how many refreshes it took to get a CAPTCHA with no digits across 10,000 trials. The highest point is at 0, with over 700 trials not requiring any refreshes. It quickly decreases then tapers off from there, with the tail end around 80 refreshes.

Chess