Wednesday, November 27, 2013

Passwords

I recommend making up a sentence. Start from a movie or book. Summarize an idea. Then maybe substitute a number for a letter: o, q => 0; i, l => 1; 4 => #; or whatever. Let's say you want to make up an 8-character password. You saw the first Thor movie. An original quote is this:

"Whosoever holds this hammer, if he be worthy, shall possess the power of Thor."

That's 14 words. Maybe "The worthy holding this hammer have the power of Thor". That's 10. Maybe "The power of Thor to the worthy". That's 7. But you heard it in the first movie. So add a 1. It's 1, so jam it in at the beginning. 1tpotttw. Of course, don't use this example. Use "The Password Of Thor To The Worthy One" instead.

So, you have to change passwords every month. And you can't remember which of your passwords is current. You could write "Thor" on a Post-it note, and put it on your monitor. You can keep a running list of all your recent passwords on your monitor, in case you failed to change one of them. You've seen other movies, right?

lastpass.com

I'm not a troglodyte. I've used a password manager. Can you say "Single point of failure"? Many companies have password length restrictions, adding together the restrictions of numerous operating systems.

I wrote a password generator once. It tried hard to make up memorable passwords. They weren't that memorable. And, it turned out that it used the date/time to the second as a random number seed. What could go wrong? Well, if one can guess when a password might have been generated to within a year, that's only about 31,536,000 passwords to check. That's nothing for a computer.
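The seeding flaw described above, sketched as an added example (this is not the original generator): a password derived from a clock-second seed next to one drawn from the OS CSPRNG, plus a check that recovers the seed from a time window. The alphabet, function names and the timestamp are assumptions made for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed 36-symbol alphabet
SECONDS_PER_YEAR = 365 * 24 * 60 * 60              # 31,536,000, as in the post

def weak_password(seed_second: int, length: int = 8) -> str:
    """Flawed design: the output is fully determined by the clock second."""
    rng = random.Random(seed_second)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_password(length: int = 8) -> str:
    """Hardened form: every character comes from the OS CSPRNG, no seed to guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def find_seed(password: str, start: int, end: int):
    """Audit check: return the second in [start, end) that reproduces the
    password, or None if no timestamp in the window does."""
    for second in range(start, end):
        if weak_password(second, len(password)) == password:
            return second
    return None

def seed_bits(window_seconds: int) -> float:
    """Effective entropy when the only secret is the generation time."""
    return math.log2(window_seconds)

def alphabet_bits(length: int = 8) -> float:
    """Entropy of a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    generated_at = 1385553600  # constructed Unix timestamp, not a real event
    pw = weak_password(generated_at)
    # A one-hour window keeps the demo fast; a full year is the same loop, longer.
    print("recovered seed:", find_seed(pw, generated_at - 1800, generated_at + 1800))
    print("time-seeded bits (1 year): %.1f" % seed_bits(SECONDS_PER_YEAR))
    print("CSPRNG bits (8 chars):     %.1f" % alphabet_bits(8))
```

When auditing a generator, look at where its randomness comes from: anything seeded from the clock, a PID or a counter has the same problem regardless of how long the output is.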