Thursday, January 11, 2007
Summarizing an excellent piece about passwords
From my favorite security writer, Bruce Schneier, comes a detailed discussion of password guessing programs, other threats, and what makes a good password.
Some key points:
- Were you considering adding a few numbers or letters to the end of a word? Forget about it.
- Even nonsense may be guessable if it can be pronounced. One password guessing program knows how to generate pronounceable English babble: it will try things like "bloror" and "quetop".
There are several suggestions about how to create a password in the article. I still recommend a mathematically random password. Either make up a story based on it so you can memorize it, or write it down and keep it someplace safe like your wallet, a locked cabinet at work, a safe deposit box, or in a cave at the Mountains of Eternity guarded by the Dragons of Doom, depending on how secure it needs to be.
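The sketch below is an added example, not code from Schneier's article or from this post. It flags the two weak patterns listed above and draws a random password from the operating system's CSPRNG; the word list, the character set and the pronounceability heuristic are all assumptions made for illustration.

```python
import math
import re
import secrets
import string

# Assumed character set (75 symbols); adjust to what the target system accepts.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
# Constructed sample list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein"}


def word_plus_suffix(candidate, words=SAMPLE_WORDS, max_suffix=4):
    """True if candidate is a listed word with 0..max_suffix characters appended."""
    lowered = candidate.lower()
    return any(lowered[:len(lowered) - cut] in words for cut in range(max_suffix + 1))


def looks_pronounceable(candidate):
    """Crude heuristic: letters only, has a vowel, no run of 3+ consonants or vowels."""
    s = candidate.lower()
    if not re.fullmatch(r"[a-z]+", s):
        return False
    has_vowel = re.search(r"[aeiouy]", s) is not None
    long_run = re.search(r"[^aeiouy]{3,}|[aeiouy]{3,}", s) is not None
    return has_vowel and not long_run


def is_guessable(candidate):
    return word_plus_suffix(candidate) or looks_pronounceable(candidate)


def random_password(length=16):
    """Draw each character uniformly from ALPHABET using the OS CSPRNG."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not is_guessable(pw):  # rejection is astronomically rare at this length
            return pw


def entropy_bits(length=16):
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for sample in ("dragon123", "bloror", "quetop"):
        print(sample, "guessable:", is_guessable(sample))
    print(random_password(), f"~{entropy_bits():.1f} bits")
```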