The difference between a good password and a bad one is a matter of patience--usually lack of patience on the part of the human user and the endless patience of computers. Because good passwords are hard to come up with and even harder to memorize, most people opt for the simple and memorable. A pet's name and your age sound pretty good. It has letters and numbers, and you won't forget it.
Actually, Boots37 is a terrible password. Crackers use robotic programs to try endless lists of possibilities, and Boots just doesn't cut it. It has a word that appears in the dictionary (a definite no-no), and it wouldn't take long for a password cracker to discover the last two characters.
Even with more robust passwords, there are programs that will rapidly search different combinations for hours or days, even months if it takes that long--just keep the computer plugged in and you'll never sense so much as a sigh from its circuitry. Robots are tireless, and they just never get bored.
So, What's Good?
Password crackers use dictionary searches, so words or phrases like "Open, Sesame" are no good--not even spelled backwards. And numbers shouldn't be used in recognizable sequences like 12345 or 10987. Longer passwords are better than shorter--say a minimum of seven characters--and mix in a few keyboard symbols with the alphanumeric characters. Alternate upper and lower cases, stir, and you'll get something like: LRZ&BM!xY, or bvw16Jse#, or 0N3FrgePx. All good solid passwords (they were created by a computerized password generator), but how are you supposed to memorize these things?
How about something like: nGng2+Ths1? It has all the elements of the previous three, but it's much easier to remember because buried in it is the challenge: n(ot) G(oi)ng 2(to) + (add) Th(i)s 1(one). The key is coming up with something you recognize that others might not see as easily.
You can find an exotic example of this principle of personalization on the Microsoft research pages online at http://research.microsoft.com/displayArticle.aspx?id=417. There you will find the explanation of an experiment with inkblot passwords. Using a computer program to generate inkblots like the ones above, the researchers printed 10 of them on a page and asked people to write a short abbreviation of what they saw in each design. Naturally, not everyone saw and described the same thing. Then each subject was asked to take the first letter and last letter of each description and arrange the five pairs into a 10-letter string. That was the password.
For instance, figure (1) sort of looks like a kid falling through a green object, so you might write falling boy. Those letters would be fb. The second is, perhaps, an exercising giant. The letters would be eg. The first four letters in the string, then, would be fbeg.
What's so unusual about the process is how the memory of the person's description persisted. After writing the phrases several times, and in different orders, a final order was memorized and the strong password created. In the Microsoft study, 20 out of 25 people remembered their password the next day, and 18 out of 25 remembered it a week later.
Now, you may not be ready for cheat sheets of inkblots, but there's a potential here for environments where passwords have to be strong and changed often. Even if someone caught a glimpse of your inkblots on your bulletin board, it's not likely they would be able to guess how you described each picture.
For now, there's a time-tested memory trick that you can use to create highly personalized strong passwords. Remember the mnemonics you used in school? Maybe it was a biology teacher trying to get you to memorize the classifications: Kingdom, Phylum, Class, Order, Family, Genus, Species. That became the sentence: King Philip came over for ginger snaps. Or the music notes that go on the lines (EGBDF) that you learned with: Every good boy deserves fudge. Mnemonic sentences often sound foolish, but that's part of how they work.
Translate the process to passwords, and you can make keys like SF( _ )Mrpp. This string of 11 characters should take quite a while to crack, but it's very easy to remember. It's an abbreviation of the nonsensical statement: Soluble Fish ( _ ) Make really poor pets. I included the empty fish bowl, made out of a left parenthesis, space, underline, space, right parenthesis, to add five apparently meaningless symbol characters to harden the key. Remember, the longer the key, the better it is.
If you don't like sentences, you can create abbreviated lists. A personal signature could include a head-to-toe inventory beginning with hat size and hair color. A favorite meal of several courses or steps in changing a tire or knitting a mitten--the possibilities are endless. And it's a good thing because computers loaded with password-cracking programs don't need sleep and never give up.
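As an added illustration (not part of the original article), the script below abbreviates the "Soluble Fish" sentence into SF( _ )Mrpp the way the text describes, and puts rough numbers on why Boots37 falls to a dictionary search while the longer mnemonic key does not. The word list and its assumed size of 100,000 entries are constructed for this example.

```python
import math
import string

# Constructed stand-in for the word lists cracking tools search (assumption
# for this example; a real checker loads a full list and more pattern rules).
WORD_LIST = {"boots", "open", "sesame", "password", "fish", "pets"}
ASSUMED_WORD_LIST_SIZE = 100_000  # assumed size of a real list, for the estimate

CHAR_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def mnemonic_password(parts):
    """Abbreviate a mnemonic sentence the way the article does: each word
    contributes its first letter with its case kept, while a part that does
    not begin with a letter (a digit, a symbol, the '( _ )' fish bowl) is
    copied into the password whole."""
    return "".join(p[0] if p[0].isalpha() else p for p in parts)


def brute_force_bits(password):
    """log2 of the keyspace an exhaustive search must cover: password length
    times the size of every character class that actually appears in it."""
    if not password:
        return 0.0
    alphabet = sum(len(c) for c in CHAR_CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)


def dictionary_pattern_bits(password):
    """If the password is a word-list word plus trailing digits (Boots37),
    return log2 of the guesses a dictionary attack needs: word list size
    times digit suffixes times two capitalisations. Otherwise return None."""
    word = password.rstrip(string.digits)
    digits = len(password) - len(word)
    if word.lower() not in WORD_LIST:
        return None
    return math.log2(ASSUMED_WORD_LIST_SIZE * 10 ** digits * 2)


def strength_bits(password):
    """Effective strength is set by the cheapest attack that applies."""
    brute = brute_force_bits(password)
    pattern = dictionary_pattern_bits(password)
    return brute if pattern is None else min(brute, pattern)


if __name__ == "__main__":
    mnemonic = mnemonic_password(["Soluble", "Fish", "( _ )", "Make", "really", "poor", "pets"])
    for pw in ("Boots37", mnemonic):
        print(f"{pw!r}: {strength_bits(pw):.1f} bits against the cheapest attack")
```

Boots37 comes out near 24 bits once the dictionary shortcut is counted, against roughly 70 bits for the 11-character mnemonic key.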
Title Annotation: Tech Forum
Date: Sep 1, 2003