Strong Passwords For All
Whether or not one is familiar with information systems security, the concept of the “weakest link” is, I believe, quite easy to understand.
Let’s imagine a lion is chasing us, and while you might be trying to outrun the lion, I’ll just be trying to outrun you. Yes, a very simple concept indeed...
I hope you understand now, if you didn’t before, why some systems keep refusing your “abc123” password. Password strength and social engineering are well-covered topics, but it certainly doesn’t hurt to have one more post on them, even if I am echoing others; quite the contrary.
*One* of the ideas that *can* be at the core of designing a password that is both strong and human-memorable is to embed the code inside another code: a phrase you will not forget, reduced to a short string by a rule only you know. The more personal and original the phrase and the rule, the better, as long as you can remember both.
If you can’t remember your code it’s either that you’ve seen too many spy movies or that you’re ready for a memory implant.
Anything goes here, but here are some well-known methods:
-Pick a sentence and use some of its letters, numbers, and special characters to create your password.
Example
Sentence: In 2010 abc is *still* not a good password
Password: i2ai*s*nagp
-Speak 1337, and make sure you stick to your own “leet” alphabet; otherwise you really are going to need that memory implant... One caveat: password crackers run exactly these substitutions as standard mangling rules over a word list, so a leet-ed dictionary word on its own, like the one below, falls almost as fast as the plain word. Use leet on top of a sentence-derived string, not instead of one.
Example
Password: badpassword
Leet translation: b@dp@ss\/\/0rd
-Speak 1337 within your sentence, then keep only the first symbol of each leet-ed word (and watch out for paranoia)
Example
Sentence: You are soooooo leet compared to all these newbies
Leet translation: j00 @|23 $000000 1337 c0mp@|23d 70 @11 7h3$3 n3wb13$
Password: j@$1c7@7n
Oh, and if you think that biometric authentication is the way out of the password chaos, check this EFF article and watch Gattaca; you might change your mind.



January 13th, 2010 - 01:39
I just read this TechCrunch article about a crack on Twitter based on weak passwords; it totally relates to my original post…
The Anatomy Of The Twitter Attack
January 22nd, 2010 - 23:16
Another trick I didn’t mention when designing your strong passwords is to tie your “code within the code” to the password’s target. It is a pretty decent way to fight the very bad habit of using “one password to rule them all”. A good example of this tactic is websites that require authentication: build your sentence from, say, the site’s URL, so each site gets its own password while you only memorise one rule. Got it? Bear in mind that passwords derived this way share a pattern: if one of them leaks and the attacker works out the rule, the others become easier to guess, so the rule should not be obvious from a single password.
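To make the three methods above and the per-site variant from the January 22nd follow-up concrete, here is an added example in Python; it is not code from the original post. The two leet tables are assumptions drawn from the post's own examples: the “badpassword” example rewrites only a, o and w, while the sentence example rewrites more letters and leaves w alone, so no single table reproduces both, which is itself a good illustration of why you must stick to one alphabet. The `{host}` template and the tiny word list are constructed for the demo, and the last function shows the cracker's side of the leet caveat: the same table applied to a word list.

```python
"""Derive memorable passwords from a sentence, in the ways the post describes.

Added example, not code from the original post. The two leet tables are
assumptions: each holds exactly the substitutions one of the post's own
examples uses. The template and word list below are constructed for the demo.
"""
import re

# The post's "badpassword" example rewrites only a, o and w ...
LEET_SIMPLE = {"a": "@", "o": "0", "w": "\\/\\/"}
# ... while its sentence example also rewrites e, i, l, r, s, t, u and y
# (and leaves w alone). Two alphabets on one page is exactly the slip the
# post warns about: a password is only reproducible under the table that made it.
LEET_FULL = {
    "a": "@", "e": "3", "i": "1", "l": "1", "o": "0", "r": "|2",
    "s": "$", "t": "7", "u": "0", "y": "j",
}


def leet(text, table):
    """Rewrite text character by character under a leet table (case-insensitive)."""
    return "".join(table.get(ch, ch) for ch in text.lower())


def initials(sentence, keep_marks=False):
    """First character of every whitespace-separated word.

    keep_marks=True keeps punctuation wrapped around a word around its initial
    ('*still*' -> '*s*'), which is how the post arrives at 'i2ai*s*nagp'.
    keep_marks=False takes the first character verbatim ('@|23' -> '@').
    """
    out = []
    for word in sentence.split():
        if keep_marks:
            m = re.match(r"([^0-9A-Za-z]*)([0-9A-Za-z]).*?([^0-9A-Za-z]*)$", word)
            out.append((m.group(1) + m.group(2).lower() + m.group(3)) if m else word)
        else:
            out.append(word[0].lower())
    return "".join(out)


def sentence_password(sentence):
    """Method 1: initials of a sentence, surrounding punctuation kept."""
    return initials(sentence, keep_marks=True)


def leet_word_password(word, table=LEET_SIMPLE):
    """Method 2: a single word pushed through a leet table."""
    return leet(word, table)


def leet_sentence_password(sentence, table=LEET_FULL):
    """Method 3: leet the whole sentence, then keep the first symbol of each word."""
    return initials(leet(sentence, table))


def site_password(template, host, table=LEET_FULL):
    """The follow-up's idea: fold the target site into the sentence so one
    memorised template yields a different password per site.
    Assumption: the template carries a {host} placeholder (constructed for the demo).
    """
    return leet_sentence_password(template.format(host=host), table)


def is_mangled_dictionary_word(password, words, table=LEET_SIMPLE):
    """The caveat for method 2: a cracker applies the same substitutions to a
    word list, so a leet-ed dictionary word falls about as fast as the plain one.
    Returns the word that produces the password, or None.
    """
    for word in words:
        if leet(word, table) == password:
            return word
    return None


if __name__ == "__main__":
    print(sentence_password("In 2010 abc is *still* not a good password"))
    print(leet_word_password("badpassword"))
    print(leet_sentence_password("You are soooooo leet compared to all these newbies"))
    print(site_password("In 2010 my {host} password is still not abc", "twitter.com"))
    print(site_password("In 2010 my {host} password is still not abc", "github.com"))
    # Constructed word list: the "cracker" recovers the word behind method 2.
    print(is_mangled_dictionary_word("b@dp@ss\\/\\/0rd", ["letmein", "badpassword"]))
```

Running it reproduces the post's three passwords (i2ai*s*nagp, b@dp@ss\/\/0rd, j@$1c7@7n) and shows two things the text only hints at: the word list lookup finds “badpassword” behind the leet-ed version immediately, and the per-site variant with the host as a single word changes only one character between twitter.com and github.com, which is why the rule must not be guessable from a single leaked password.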