How to create a 'super password' - CNN.com

Paranoia can be a harsh mistress.

The problem is not memory, the problem is attitude. People are too goddamn casual about these passwords until it is too late. Lose your password to your Google account and all of your Gmail, Picasa, Calendar, Address Book, Blogger, etc. are at risk. Some of those Google-secured connections are directly connected to money. For example, your AdWords account is accessed through a Google login.

The more places you use these accounts, the more paranoid you need to be because it WILL happen to you too.

And please, it is not just a matter of making the password long! Please STOP using real English words as passwords! There is something called a dictionary attack that allows a miscreant to quickly figure out a password. If you use a word that can be found in a common language, be assured that it WILL find yours.

The article has good advice. Go for 11 or more characters; a phrase would be even better. And be wary of any website that won't allow you to type in at least 12-16 characters: it is a red flag for other security problems.

If you have trouble remembering passwords, then try to use a keyring application. Macs have one built into the operating system, and you can also use something like KeePass that runs on almost every major operating system and even on smart phones. With an application like this, you just need to remember one strong password, then you can use longer and much harder to remember passwords for your online activities.

Thanks to KeePass I have certain accounts protected with passwords that are random strings of 32 characters. If you had 10,000 computers that could run in parallel, each trying 500,000 passwords per second, it would take up to 2.8420938392451628e+22 years to crack a 20-character password! The calculator that I found online couldn't even calculate it for 32 characters :-)

This of course assumes that no new technology arrives that allows computers to bridge that computational gap. Using 99,999,999 passwords per second, and 999,999 computers available to run in parallel, we are still talking up to 1421048354881405700 years to crack a 20-character password.
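An added example (not from the original post or the online calculator it mentions) that redoes the brute-force estimate with exact integer arithmetic, so the 32-character case is computed too, and sets dictionary words beside random strings under the post's two attacker rates. The 95-character printable-ASCII alphabet, the 200,000-word dictionary, the 7,776-word passphrase list and the 365-day year are assumptions, so the results will not match the figures quoted above exactly.

```python
import math
from fractions import Fraction

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year

# The two attacker models in the post: machines x guesses/second/machine.
SLOW_ATTACKER = 10_000 * 500_000
FAST_ATTACKER = 999_999 * 99_999_999

# Constructed password policies: (choices per position, positions).
# 95 = printable ASCII; 200,000 = assumed size of an English word list;
# 7,776 = assumed size of a dice-style passphrase word list.
POLICIES = {
    "one dictionary word": (200_000, 1),
    "dictionary word + 2 digits": (200_000 * 100, 1),
    "4 random words": (7_776, 4),
    "6 random words": (7_776, 6),
    "20 random characters": (95, 20),
    "32 random characters": (95, 32),
}

def keyspace(choices: int, positions: int) -> int:
    """Candidates an attacker must cover when every position is chosen
    uniformly at random. Python ints are unbounded, so 95**32 is exact."""
    return choices ** positions

def worst_case_years(space: int, guesses_per_second: int) -> Fraction:
    """Exact time to try every candidate; the average case is half of this."""
    return Fraction(space, guesses_per_second * SECONDS_PER_YEAR)

def report(guesses_per_second: int) -> dict:
    """Map each policy to (entropy in bits, worst-case years as a float)."""
    rows = {}
    for name, (choices, positions) in POLICIES.items():
        space = keyspace(choices, positions)
        years = worst_case_years(space, guesses_per_second)
        rows[name] = (math.log2(space), float(years))
    return rows

if __name__ == "__main__":
    for label, rate in (("slow", SLOW_ATTACKER), ("fast", FAST_ATTACKER)):
        print(f"--- {label} attacker: {rate:,} guesses/second ---")
        for name, (entropy, years) in report(rate).items():
            print(f"{name:28s} {entropy:6.1f} bits  {years:.3e} years")
```

These rates describe offline guessing against stolen password hashes; the output makes the dictionary-attack point concrete, since a single dictionary word is exhausted in a fraction of a second while the random strings are not.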

Another thing that was not discussed in the article? Biometrics. A combination of biometrics and two-factor authentication (like with the RSA dongles or soft keys) would be horribly hard to defeat, assuming that the physical aspects of the biometric reader can't be attacked. It doesn't matter how good the software part of the biometrics package is if you can fake a fingerprint like in the movies!
