Password Game strategy & statistics

Last major revision May 5, 2025

Edited Aug 13, 2025 for clarity and style

In The Password Game, you must create a password that meets increasingly absurd requirements, many of which build on each other—satisfying one could invalidate several others.

How to solve
Methods & calculations

How to solve

Rule 9 (Roman numerals must multiply to 35)

Use XXXV. If you used any capital letters when completing previous rules, lowercase them.

Explanation: Uppercase letters are often recognized as atomic symbols (see rule 18). XXXV is the Roman numeral 35; the only atomic symbol in it is V (atomic number 23). Any other set of Roman numerals that multiply to 35 will include extra V's and I's.

Rule 10 (CAPTCHA)

Refresh until you get a CAPTCHA with no digits; it takes about 17-28 seconds.

Rule 12 (two-letter atomic symbol)

You could add any two-letter atomic symbol and remove it later if you need to. "He" is the smallest though.

Rule 14 (Geoguessr)

This doesn't disrupt any of the other rules, but since I suggest starting the game over if you get certain chess puzzles, I figured I'd tell you how I get past this one. I look around to see if I can find the names of any streets, businesses, websites, etc and search for them. Most of the locations with no writing are distinct landmarks, so I Google Lens those.

Rule 15 (leap year)

Use the year 0.

Rule 16 (chess)

Lichess is a good place to learn how to play chess. 95% of the time you're looking to put your opponent in check (putting one of your pieces one move away from capturing their king). The notation for your move will include, in order:

A capital letter R, N, B, Q, or K if you moved a rook, knight, bishop, queen, or king, respectively. (No capital letter if you moved a pawn.)
A lowercase x if your move captured a piece.
The lowercase letter a-h of the column you moved to.
The number 1-8 of the row you moved to.
A plus sign if your move put the opponent in check.

There are other things algebraic chess notation can indicate, but none of the solutions in this game use them.

10% of the solutions start with Bh, Nh, Rf, or Rg which have atomic numbers over 100. If you get one of those, it's probably worth starting the game over. Copy your password, refresh the page, paste it back in, and fix the CAPTCHA and Geoguessr country if you need to.

Rule 18 (atomic numbers must add to 200)

Any elements in your password should be highlighted in red. The only necessary ones are the V in XXXV, the one in your chess move if it had one, and a two-letter atomic symbol if the chess move didn't have one.

Start from 200 and subtract the atomic numbers of the elements in your password. If an element with that number exists and doesn't contain a Roman numeral, add it. If not, find two elements that add to the number you need.

Rule 24 (YouTube URL)

First, you need to find videos of the length you need. If the length is under 5 minutes, say 3:57, looking up "site:youtube.com "0:00 / 3:57"" on Google will get a bunch of videos of that length. If you're using Chrome, this also works with longer lengths. Some people report it working on other browsers by spoofing their user agent, but I haven't gotten that working personally. Instead, say the length I need is 20:34, I'd look up "20 minutes 34 seconds" on YouTube directly and try videos that are actually that long (plus or minus one second, which may be close enough to count) until I find a good one. It's a lot harder to find ones without Roman numerals or very high elements than it is to find ones with few digits. Also, the game accepts youtu.be links (e.g. youtu.be/cZFhf23SUoQ) if you want to keep your password tidy.

Rule 28 (hex color)

Refresh the color until you get one with a sum of 5 or fewer; it takes a little over a minute.

Rules 32 & 33 (must include length, which must be a prime number)

101 is the prime number whose digits have the lowest sum, and it happens to be a reasonable length for your password. I add several periods to my password to get it up to 101 characters, and then remove a few for the current time.

Rule 35 (current time)

Once you know about how long it'll take you to to complete all the previous rules, it helps to start such that you're likely to finish by 10:00 or 1:00. Or you could set your computer's clock to one of those times. After you submit your password, copy it when it asks "is this your final password?" and paste it back in so you don't have to completely retype it. You may have to fix some of the formatting though. After that, you've beaten The Password Game!

Methods & calculations

I put the Python scripts I wrote on GitHub; I'll link to individual scripts as I discuss them. The main libraries I used are:

pandas for reading and manipulating data
matplotlib.pyplot for making graphs
scipy.stats for calculating probability distributions

Digits in CAPTCHAs

I tried a few methods of gathering a list of all CAPTCHAs in the game. When I searched a few of the CAPTCHAs to see if the list was online, I found the larger set of CAPTCHA images they came from. Then I realized the game's JavaScript has a list of every CAPTCHA used:

"2b827","2cg58","2g783","2x7bm","2ycn8","3bd8f","3bfnd","3den6","3ebnn","3nw7w","3ny45","3p4nn","3pe4g","3w2bw","4cn7b","4dgf7","5n245","5ng6e","6dd2y","6e6pn","6gnm3","6p7gx","6xxdx","7gmf3","7wnpm","7wyp4","7xd5m","7y2x4","8c23f","8gecm","8n5pn","8pfxx","8w754","8y63f","25egp","28x47","33p4e","34pcn","44xe8","47e4p","53wb8","58b5m","64m82","66wp5","73mnx","74eyg","75pfw","77n6g","88y52","264m5","387g2","573d8","52447","b5nmm","b6f2p","b28g8","b84xc","bbymy","bdg84","be3bp","bgd4m","bnc2f","bny4w","bw6n6","bw44w","c2fb7","c2pg6","c86md","cdcb3","cen55","cfc56","cffp4","cgcgb","cnwyc","cpc8c","d6fcn","d22bd","d378n","dbex3","dbfen","dd5w5","de45x","dn5df","dn26n","dpbyd","e7x45","ebcbx","ec6pm","ecd4w","en4n4","f6ne5","f75cx","fc6xb","g78gn","gc277","gfp54","ggd7m","gnc3n","gny6b","gw53m","m67b3","m3588","mgw3n","mm3nn","mp7wp","myc3c","n2by7","n3ffn","n373n","nbcgb","nbf8m","nbfx5","nbp3e","nc4yg","ndyfe","nf8b8","ng2gw","nnfx3","nnn5p","nnn57","ny8np","p2m6n","p4pde","pcede","pdyc8","pf5ng","pm363","pmf5w","w8f36","w52fn","wc2bd","wce5n","wg625","x3fwf","x4f7g","x4gg5","x6b5m","x38fn","xbcbx","xe8xm","xgcxy","xngxc","y4n6m","y5dpp","y5w28","y7mnm","y7x8p","yd755","yf424"

I copied this to a text file and calculated the sum of digits in each CAPTCHA:

Bar graph of how many CAPTCHAs have what sums.

The sums range from 0 to 24 and out of 149 CAPTCHAs, 12 of them have a sum of 0. It's also slightly more likely you'll get one with a low sum than a high one.

How long to get a CAPTCHA with no digits

With a 12/149 or 8.1% chance of getting a CAPTCHA whose sum is zero, how many times would you have to refresh to get one? I eventually learned this is a geometric distribution and the average number of attempts would be 149/12, or 12.4. (I previously used the Monte Carlo method and simulated refreshing the CAPTCHA until getting one with no digits 10,000 times.)

I timed myself refreshing the CAPTCHA in the game and found it takes about one second to read the CAPTCHA, tell if it has digits or not, and hit refresh. So, no more than 12 seconds to find one with no digits on average. I'm interested in a better time estimate though, what about how long it'll take 75-90% of the time? Turns out it takes no more than 17 seconds 75% of the time, and 28 seconds 90% of the time.

How many chess solutions end in check

Like the CAPTCHAs, the game's JavaScript contains a list of all chess puzzles in the game. (I put this list in a separate file because it's quite long.) For each puzzle, the solution (sol) is what I'm mainly interested in, though I looked up what "fen" was and found out it's the Forsyth-Edwards notation of which pieces are where on the board. I wrote a regular expression to find all the chess moves in the file and counted a total of 193 moves, 184 ending in check.

Atomic symbols in chess moves

In the same script as above, I used this periodic table in CSV format to count how many times each element appears in the chess puzzle solutions. This gives the following plot, which I've annotated:

Graph of the frequency of atomic numbers in the chess puzzle solutions. Most have no element, there are
small clusters below 10 and above 100, and a few are scattered in the middle.

And the following text output:

Total moves: 193
Moves ending in check: 184
Moves containing an element: 80 

Atomic Number  Element
4              Be          3
5              B          14
7              N          15
10             Ne          7
19             K           1
41             Nb          1
45             Rh          8
60             Nd          3
75             Re          7
88             Ra          1
104            Rf          6
107            Bh          3
111            Rg          9
113            Nh          2
Name: count, dtype: int64

Digits in hex codes

There are 16,777,216 possible colors and only a 0.7% chance of getting one that won't add digits. I got invested in the math behind calculating how many hex codes have a given sum, so I wrote a separate post about that.

Between keeping Paul fed and using a color picker tool, checking each color will take a bit longer than checking the CAPTCHAs; let's say it takes 5 seconds:

Average time to find a hex color by maximum sum of digits
Maximum sum	# of refreshes	Approximate time
0	144	12 min
1	75	6 min 15 sec
2	46	3 min 50 sec
3	31	2 min 35 sec
4	21	1 min 45 sec
5	15	1 min 15 sec

The Password Game: strategy & statistics