Monday, August 23, 2010

Making a 'Super Password'

"How to create a 'super password'"
John D. Sutter, CNN (August 20, 2010)

"Say goodbye to those wimpy, eight-letter passwords.

"The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology.

"The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.

"But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap.

" 'The length of your password in some cases can dictate the vulnerability,' said Joshua Davis, a research scientist at the Georgia Tech Research Institute.

"It's hard to say what will happen in the future, but for now, 12-character passwords should be the standard, said Richard Boyd, a senior research scientist who also worked on the project...."

According to the CNN article, the researchers chose the number 12 for their recommended password length because they think it's a good balance between convenience and security.

Eventually, we may get really long passwords.

"...Here's one suggested password-sentence from Carnegie Mellon University:

" 'No, the capital of Wisconsin isn't Cheeseopolis!'..."

That'll have to wait until the security systems that websites use can handle characters other than letters and numbers, such as commas, apostrophes, and blank spaces.

The Lemming must be using some of the better-run websites: I was surprised to learn that a fair number of places online won't accommodate long passwords.

The Lemming Applauds Himself: But You Might Find It Useful

Me? I've been using 'long' passwords, a dozen or so characters long, for years. They're not all that hard to remember, since I use a pattern. I have three parts for each password. One's a word that isn't in most dictionaries, another involves a number that's easy for me to remember, and the third is very mnemonic - generally having something to do with the website or service I'm logging into.

If all I relied on was the mnemonic part, I could be hacked fairly easily. All three together? I'm not sure how long it'd take for a program to run through enough combinations to 'guess' the right one. I'm not worried, though: the places I go generally limit the number of times I'm allowed to make a mistake before having to wait and visit the place later.

The CNN article does a pretty good job of discussing password security, including how to deal with the issue of remembering your passwords.

One of the solutions seems to be a disaster waiting to happen, as the author concedes:

"...A website called Password Safe will store a list of passwords for you, but Boyd and Davis said it may still be possible for a hacker to obtain that list...."

There are other solutions, including physical gadgets you can carry around with you.

The Lemming's opinion is that the best approach to password security is to work out a system that
  • You can remember at 2:00 a.m.
  • Produces
    • A different password for every site
    • Long passwords
    • Passwords with letters and numbers
  • Doesn't involve your birthday, or any other fact that others know about you
  • Isn't on a sticky note stuck to your monitor