Yesterday I wrote about a study that revealed how real users think and act when it comes to passwords and one of the biggest challenges for them was dealing with so many passwords; a problem that led to them using weak passwords and often re-using them to save effort. But there are systems that can make generating and remembering passwords much easier ...
For a few years I’ve used a password system that’s been really successful; the only problem I’ve had has been when entering the passwords but that’s really just because I’m not a very good typist. My system is based on a simple formula and, nope, I can’t tell you what it is exactly but let me give you a similar method:
- Take the first letter of the site’s name in lower case ("gmail.com" gives “g”)
- Add the last two digits of, say, your birth year, reversed ("1963" – not my birth year, alas – becomes "63", which gives “36”)
- Add a “+”
- Add the next four letters of the site’s name in upper case ("gmail.com" gives “MAIL”)
- Add a “-”
- Add the last four digits of your phone number backwards ("888-555-1234" gives “4321”)
- Voila! Your password for http://gmail.com would be “g36+MAIL-4321”. And for http://networkworld.com it would be “
According to passwordstrengthcalculator.org the strength of these passwords (measured by their information “entropy”) is 85.2 bits; it would take a supercomputer up to 14 years to guess the password, while a PC/GPU setup might have to run for 283,717 years to guess it. Not bad at all. Also see Gibson Research’s Password Space Search Calculator, which figures that the count of all possible passwords with this alphabet size and up to this password's length is:
… and the site figures the time required for a desktop machine to exhaustively search this password's space, assuming one thousand guesses per second, would be 16.50 trillion centuries, while at a supercomputer speed of one hundred trillion guesses per second it would still take up to 1.65 hundred centuries. One caveat applies to both figures: these calculators treat every character as an independent random choice. An attacker who knows (or guesses) the formula only has to search the two birth-year digits and the four phone digits, roughly a million combinations, and a single leaked password reveals both of them, along with the pattern for every other site.
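The six steps above, carried through in code as an added example (this is not the author's own formula, which the post deliberately does not disclose, and not code from the page). It assumes the "site name" is the host with scheme and top-level domain stripped, so "http://gmail.com" becomes "gmail"; that assumption, and the `derive_from_leak` attacker's view, are mine, not the post's. The second half shows the caveat a practitioner cares about: once the scheme is known, one leaked password hands over the password for every other site.

```python
"""Worked example of the blog's sample password formula (added here, not the
post's code). Assumption, not from the page: the site name is the host name
with the scheme and top-level domain removed ("http://gmail.com" -> "gmail").
"""
import math
from urllib.parse import urlparse


def site_name(url: str) -> str:
    """Return the bare site name: 'http://gmail.com' -> 'gmail'.
    Also accepts a bare host such as 'networkworld.com'."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return host.split(".")[0]


def formula_password(url: str, birth_year: int, phone: str) -> str:
    """Apply the six steps from the post to one site."""
    name = site_name(url)
    if len(name) < 5:
        raise ValueError("formula needs at least five letters in the site name")
    first = name[0].lower()                           # step 1: "g"
    year_rev = str(birth_year)[-2:][::-1]             # step 2: "1963" -> "63" -> "36"
    next4 = name[1:5].upper()                         # step 4: "MAIL"
    digits = [c for c in phone if c.isdigit()]
    phone_rev = "".join(digits[-4:])[::-1]            # step 6: "1234" -> "4321"
    return f"{first}{year_rev}+{next4}-{phone_rev}"   # steps 3 and 5 are the separators


def known_formula_search_space() -> int:
    """Size of the secret an attacker who knows the formula must guess:
    two birth-year digits (100 values) times four phone digits (10,000 values)."""
    return 100 * 10_000


def known_formula_bits() -> float:
    """The same search space expressed as bits; ~19.9, not the 85.2 bits a
    character-by-character calculator reports."""
    return math.log2(known_formula_search_space())


def derive_from_leak(leaked: str, leaked_url: str, target_url: str) -> str:
    """Attacker's view (constructed here, not on the page): given ONE password
    built with this formula and a guess at the scheme, read the two secrets
    back out of it and build the password for any other site."""
    head, phone_rev = leaked.split("-")              # "g36+MAIL", "4321"
    prefix, _ = head.split("+")                      # "g36", "MAIL"
    if prefix[0] != site_name(leaked_url)[0].lower():
        raise ValueError("leaked password does not match the assumed scheme")
    year_rev = prefix[1:]                            # "36"
    name = site_name(target_url)
    return f"{name[0].lower()}{year_rev}+{name[1:5].upper()}-{phone_rev}"


if __name__ == "__main__":
    # Sample inputs are the post's own: birth year 1963, phone 888-555-1234.
    for site in ("http://gmail.com", "http://networkworld.com"):
        print(site, "->", formula_password(site, 1963, "888-555-1234"))
    print("bits of secret once the formula is known:", round(known_formula_bits(), 1))
    print("from a leaked gmail password:",
          derive_from_leak("g36+MAIL-4321", "http://gmail.com", "http://networkworld.com"))
```

Running it reproduces the post's "g36+MAIL-4321" for gmail.com and shows that the networkworld.com password follows mechanically from the leaked one, which is the reason site-derived formulas should be treated as a convenience against random guessing, not as a defence against a targeted attacker who has seen one of your passwords.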
And these kinds of formulae are easy to construct and easy to remember.
But what if you’re really lazy or, as many people are, really not very good at this kind of mental gymnastics? You might prefer this tool, the Qwerty Card from Qwertycards ($4.99 with international delivery included):
These are simple plastic cards laid out like a Qwerty keyboard and each one has a unique code; in the above picture it’s “sh(/J3Hq”, to which you add your own secret password, for example “catfish”. You then append the encoded version of the site’s name using the character map on the card; for example, “Amazon” becomes “.u.rqf”, which is added to the previous strings to generate the complete password. So, from our examples, your final password would be “sh(/J3Hqcatfish.u.rqf”, which, according to How Secure is My Password, could take a desktop PC about 3 septillion years to crack.
While the Qwerty Card might seem to involve a lot of effort in managing passwords it’s really a minimal amount of pain compared to actually remembering scores of passwords and next to no work compared to trying to clean up after your accounts have been breached.