Grammar badness makes cracking harder the long password
There is another awesome article on Ars Technica about creating passphrases:
http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/
Comments
-
Hi
Between Ars and the AgileBits blog I normally feel I am keeping my security processes fairly up to date without extreme paranoia!
My grammar is pretty bad anyway, but I gave up on trying to generate my own passphrases a while ago and use Diceware, but sometimes I get caught out without access to Diceware so the article is useful for helping to think up better passphrases.
I'll look forward to your article.
Mike
-
Hi Mike,
I'm glad to hear we're in your top twos.
> sometimes I get caught out without access to Diceware

Wait, you don't have 1Password on your iOS device surgically attached with an extension cord to your hip all the time like us? I guess we're not normal folks then.
-
The simple message is that people are terrible at being random even when they are trying to be random. If you ask people to pick an item at random from a list of 5 things, you will get a disproportionate number of picks of the second and fourth items. (Psychics use that trick.) If you ask people to pick a random number between 1 and 100 the results have a strong tendency to be (pseudo)-prime, or at least odd.
So even if you are stuck without access to the Diceware lists, try to find some way to (externally) randomize the password selection process.
I really should have gotten this article out earlier, but I've been doing a lot of math on this also on our Strong Password Generator, which I'll probably have to cut from the article anyway.
Cheers,
-j