Monday, December 11, 2006

Article about bad passwords has bad advice 

If you have flimsy passwords, you are not alone: plenty of other people have bad passwords that are easy to guess as well.

Most of the article talks about tactics for creating passwords, but they aren't safe, and the article even explains why:
"These days hackers have massive dictionaries, all English words and common names. They will include popular fictional characters as well," [computer science professor John Black] says. "The programs not only try all these passwords, they try putting a little punctuation around it."


Randomness is your best friend when you make a strong password. If you open the dictionary at random three times and pick a word at random each time, you'll have a decent password, certainly good enough to make a crook try elsewhere. Make up a story to go with your random words. For example, if you picked "inside", "abyss", and "fugacious", you could create a mental picture of being inside an ocean bottom that was running away. A punctuation character or two might fit your surreal story and would make a password guessing program work even harder. If you don't have a dictionary but do have dice, roll the dice and pick corresponding words from the lists at Diceware.

Size does matter. If you're using letters and numbers chosen at random (no, patterns on the keyboard are not random), then you need 9 of them for solid security, though 8 might work for less important passwords. Again, you can start with randomness and make up a story to memorize it: "bmR2Xeka" you could turn into a sentence whose first letters come from the password. It's easier to memorize "be my Rolex. 2 Xeroxes eat kangaroo aortas".
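To put numbers on the two recommendations above (three random dictionary or Diceware words, or 8 to 9 random letters and digits), here is an added example, not from the original post: it maps five dice rolls to a Diceware list index, draws words and characters with a CSPRNG standing in for the dice, and computes the entropy of each scheme. The tiny word list and the 100,000-word dictionary size are assumptions for the demo.

```python
import math
import secrets

# Constructed miniature word list standing in for a Diceware list (a real list
# has 6**5 = 7776 entries, one per five-dice roll). Assumption for the demo.
WORDS = ["inside", "abyss", "fugacious", "rolex", "kangaroo", "aorta",
         "xerox", "ocean", "bottom", "story", "dice", "random"]
ALPHANUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
_RNG = secrets.SystemRandom()  # CSPRNG; never use random.choice for passwords


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Bits of entropy for `symbols` picks made uniformly from `choices_per_symbol`."""
    return symbols * math.log2(choices_per_symbol)


def diceware_index(rolls):
    """Map five dice rolls (each 1..6) to a 0-based list index, the way a
    Diceware key works: 1-1-1-1-1 -> 0, 6-6-6-6-6 -> 7775."""
    if len(rolls) != 5 or any(r < 1 or r > 6 for r in rolls):
        raise ValueError("need exactly five rolls in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def passphrase(words, count=3):
    """Pick `count` words uniformly at random, as the post's dictionary trick does."""
    return " ".join(_RNG.choice(words) for _ in range(count))


def random_password(length=9):
    """Random letters and digits, as the post recommends for 8-9 character passwords."""
    return "".join(_RNG.choice(ALPHANUM) for _ in range(length))


def compare_strength():
    """Entropy of the post's recommendations, in bits (rounded to 0.1)."""
    return {
        "3 Diceware words (7776-word list)": round(entropy_bits(7776, 3), 1),
        "3 words from 100k-word dictionary (assumed)": round(entropy_bits(100_000, 3), 1),
        "8 random alphanumerics": round(entropy_bits(62, 8), 1),
        "9 random alphanumerics": round(entropy_bits(62, 9), 1),
    }


if __name__ == "__main__":
    print(passphrase(WORDS), random_password(), compare_strength(), sep="\n")
```

Note that three words from the standard 7776-word Diceware list give fewer bits than 8 random alphanumerics; a larger dictionary or a fourth word closes the gap.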
