Security 101: Secure Passwords for Everything
We usually rag on Bruce Schneier and his self-imposed title of “security” guru. The man is about as well versed in actual physical security as we are in space travel. However, there is one thing he knows, and that’s cryptography, a branch of mathematics that most people with a computer are at least passingly familiar with. Here’s one of the few things we endorse that comes from BS: “Schneier’s Scheme”, a way of choosing passwords for everything. These babies are really, really hard to crack, and we can’t recommend this enough for anyone interested in security.
The Problem
Generally speaking, the problem isn’t that passwords get broken; the problem is how we think about them. Replacing o’s with 0’s (zeros), I with 1 and so on isn’t going to cut it in the long run.
Here’s Schneier himself:
As computers have become faster, the guessers have got better, sometimes being able to test hundreds of thousands of passwords per second. These guessers might run for months on many machines simultaneously.
They guess intelligently. They don’t run through every eight-letter combination from “aaaaaaaa” to “zzzzzzzz” in order. That’s 200bn possible passwords, most of them very unlikely. They try the most common password first: “password1”. (Don’t laugh; the most common password used to be “password”.)
So what’s the solution? If any word and/or name you can think of is a liability waiting to happen, you’ve got serious cleaning up to do, huh? Yep. Don’t we all. The good news? There’s still a secure scheme out there, which will render your passwords impervious to conventional attacks, at least.
So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence — something personal.
It’s that easy. Even if the site or application you need a password for doesn’t accept spaces, this will still check out: replace the spaces with dots, commas or underscores, or drop them completely. Here’s how:
- WIw7,mstmsritt… = When I was seven, my sister threw my stuffed rabbit in the toilet.
- Wow…doestcst::amazon.cccooommm = Wow, does that couch smell terrible.
- Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.
- uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.
You get the idea. Combine a personally memorable sentence with some personal, memorable tricks for turning that sentence into a password, and you end up with a long password.
Today’s useful tip, brought to you by SnallaBolaget.com, and, incredibly, Bruce Schneier.