Wednesday, January 10, 2007

Review of an article about passwords 

There's mostly good advice in an article by Nick Gibson about choosing good passwords. His advice won't hurt you, and he does a good job explaining what the threats are. It's much better than the usual password article.

Well, of course I have quibbles.

Don't take him literally when he's explaining how weak a four-character PIN is and says "a cracker will need only 5000 attempts [on average] per password, which a computer can run through in a matter of seconds". In "seconds", any computer outside a museum can go through millions of attempts.

He offers the advice of taking the first letter of each word in the lyrics of a song or something like that. Ennh. That works until password crackers start browsing sites with song lyrics and adding those to their collection of things to try. It's safer to start with a string of unrelated letters and numbers from a random number generator or a string of unrelated words from Diceware and make up a story to help memorize them.
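As an added illustration (not code from this post or from the article under review), the sketch below draws both kinds of secret from the operating system's CSPRNG and compares their keyspaces with the four-character PIN, taken here to be decimal digits, which is what the quoted 5000-attempt average implies. The function names and the rate of one million guesses per second are assumptions; the Diceware output is the dice-roll keys you would look up in a Diceware word list.

```python
import math
import secrets
import string

ALPHANUM = string.ascii_lowercase + string.digits  # 36 symbols
RATE = 1_000_000  # assumed guesses per second, not a measured figure


def random_string(length, alphabet=ALPHANUM):
    """Unrelated letters and digits drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def dice_keys(n_words, dice_per_word=5):
    """Simulated Diceware rolls: one key of five digits (1-6) per word,
    to be looked up in a 7776-entry Diceware word list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(dice_per_word))
            for _ in range(n_words)]


def keyspace(choices, picks):
    """Number of equally likely secrets from independent uniform picks."""
    return choices ** picks


def average_guesses(space):
    """A guesser expects to search half the keyspace before hitting."""
    return space // 2


def compare(rate=RATE):
    """Map each scheme to (entropy in bits, average seconds to guess)."""
    schemes = {
        "4-digit PIN": keyspace(10, 4),
        "10 random letters/digits": keyspace(36, 10),
        "5 Diceware words": keyspace(6 ** 5, 5),
    }
    return {name: (math.log2(space), average_guesses(space) / rate)
            for name, space in schemes.items()}


if __name__ == "__main__":
    print(random_string(10))
    print(" ".join(dice_keys(5)))
    for name, (bits, secs) in compare().items():
        print(f"{name:26s} {bits:5.1f} bits  ~{secs:.3g} s on average")
```

These figures hold only when every symbol or word is picked uniformly at random; a password derived from song lyrics has no such guarantee, because the guesser can work from the same lyrics.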
