Saturday, 16 April 2011

fluffy is puffy

It is 10 times more secure to use "this is fun" as your password, than "J4fS<2".

Thomas Baekdal explains why it makes sense to use passwords you can actually remember, rather than ones so obscure that you either forget them, or have to write them down. Filed under "this shouldn't need pointing out, but it does."
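As an added illustration, not part of the original post or of Baekdal's article, the Python script below counts the candidate guesses an attacker would have to cover for the two passwords quoted above under two assumed guessing models: a character-class brute force, and a word-list attack that knows the passphrase is made of dictionary words (the 7776-entry dictionary size is an assumption, chosen because it is the size of the Diceware list). The "10 times" figure is Baekdal's own, from his own attack assumptions, which this example does not reproduce. What it shows is that against brute force the 11-character phrase outruns the 6-character string by many orders of magnitude simply because it is longer, while against an attacker who knows it is three common words its strength falls back to roughly that of the short random string, which is why word count and dictionary size, not spelling tricks, are what to tune in a passphrase.

```python
import math
import string

# Character classes for the brute-force model. Assumption of this example:
# the attacker knows the password's length and which classes it draws from,
# and in the worst case must try every string over that alphabet.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),  # 33 symbols, space included
}


def brute_force_space(password: str) -> int:
    """Worst-case guesses for a character-class brute-force attacker:
    (size of the alphabet actually used) ** (password length)."""
    alphabet = sum(
        len(members)
        for members in CLASSES.values()
        if any(ch in members for ch in password)
    )
    return alphabet ** len(password)


def wordlist_space(passphrase: str, dictionary_size: int) -> int:
    """Worst-case guesses for an attacker who knows the passphrase is
    space-separated words drawn from a dictionary of dictionary_size entries."""
    return dictionary_size ** len(passphrase.split())


def bits(guesses: int) -> float:
    """Search space expressed as bits (log2 of the guess count)."""
    return math.log2(guesses)


def compare(random_password: str, passphrase: str, dictionary_size: int = 7776) -> dict:
    """Summarise both models for a random-looking password and a passphrase.
    Returns the guess counts and the ratio of the two brute-force spaces."""
    rp = brute_force_space(random_password)
    pp = brute_force_space(passphrase)
    wl = wordlist_space(passphrase, dictionary_size)
    return {
        "random_brute": rp,
        "phrase_brute": pp,
        "phrase_wordlist": wl,
        "brute_ratio": pp / rp,
    }


if __name__ == "__main__":
    # The two passwords compared on the page.
    result = compare("J4fS<2", "this is fun")
    for name, value in result.items():
        if name == "brute_ratio":
            print(f"{name:16}: {value:.3g}x")
        else:
            print(f"{name:16}: {value:,} guesses ({bits(value):.1f} bits)")
```

Run it as-is to see the three guess counts and their bit sizes; swap in your own passphrase and a larger dictionary size to see how quickly adding a fourth or fifth word moves the word-list figure past the brute-force one.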


Meridian said...

But don't forget that every different site etc. should have a different login. You don't want a repeat of the recent saga where passwords from one site were used to crack others.

And the guy in the link forgot good old-fashioned "rubber hose" cryptanalysis.

Andrew King said...

True - but having passwords that are easier for people to remember makes it easier to remember multiple passwords. Remembering "J4fS<2", "mn!0Ko4" and "5(2m9T" is hard. Remembering "fluffy is puffy", "my bouncy flatpack" and "walk the pork" is easier. The person using the first three strings of characters is more likely to give up and recycle an existing password for a new site. Also, because the first three passwords are hard to remember, they "feel" more secure than the second three, giving a false sense of security that might lead people to re-use them for multiple sites.

I had to look up the phrase "rubber hose cryptanalysis", assuming it must be something highly technical, only to find it really does mean hitting somebody with a piece of rubber hose (or equivalent) until they reveal their password. Duh!