[Reader-list] Passwords

Supreet supreet at sarai.net
Tue Oct 8 06:16:38 IST 2002 

But as the saying goes, " A chain is as strong as its weakest link", once a
machine has been 0wned then any program that runs on it could passing
information to the cracker. So enforcing security means asking your peers to
keep tough passwords or pass phrases. Which may not be easy


On Mon, Oct 07, 2002 at 11:30:26AM -0700, Bijoyini wrote:
> 
> In addition to just a word, some applications now have
> the ability to accept passPHRASES (as opposed to
> passWORDS). So you can type in a whole sentence
> instead of just a word. It is harder to hack if you
> think of all the permutions involved in hacking a
> sentence instead of a word. Moreover, a password is
> chose from a the set of symbols that include
> alphabets, numbers and some special characters. This
> set of symbols is small. A passphrase is selected from
> the natural language dictionary that typically
> comprises of 10 000 words to 500 000 words (for a
> range of users). This set is larger than the set of
> alphabets.
> 
> Some claim that it is also easier to remember "I l0ve
> m0vies, f00tball, f00twear and gr00ve" (letter O
> replaced by number zero) than "rt34fd0".
> 
> 
> > -- Base the password on mnemonics or acronyms, not
> > words or names. 
> > Use your favourite song titles, movies, football
> > teams as starters. 
> > It's got to be something that you know a lot about,
> > but not something 
> > that other people can find out about you--such as
> > your birthday, your 
> > place of birth, or your kids' names. The first
> > letters of the movie 
> > The Year of Living Dangerously, for example, could
> > be used in 
> > conjunction with its two main stars, Mel Gibson and
> > Sigourney Weaver, 
> > to read "tyoldmgsw."
> > 
> > -- That's just the start. Now you have something you
> > can remember, 
> > but it's still just basic letters. You need to turn
> > some of them into 
> > numbers, punctuation symbols and capitals. Try
> > turning the o into a 
> > similar-looking zero, the l into a one and the s
> > into a five. That 
> > would give you "ty01dmg5w" which is a lot better,
> > and still easy to 
> > remember, since the numbers are similar to the
> > letters they've 
> > replaced.
> > 
> > -- This, sadly, is still not good enough. The people
> > who write 
> > hacking programs are on to this kind of trick, so
> > your password is 
> > still vulnerable. It needs an extra trick or two.
> > Try capitalizing 
> > the family-name letters, alter the 0 to
> > similar-looking bracket marks 
> > (), and move the numeric characters one key to the
> > left on your 
> > keyboard.
> > 
> > If your passwords are as good as that, then you
> > should be safe. But 
> > there's still a weakness, and it's still human.
> > Never give your 
> > passwords to anyone, don't reuse them for different
> > accounts, and 
> > change them every few months. Store them on your
> > personal digital 
> > assistant if you like, but remember that, even if
> > it's in a 
> > well-encrypted file, all your valuable info is just
> > one password away 
> > from being accessed by someone. If they steal your
> > device, chances 
> > are they're eager enough to try to crack the
> > password protecting all 
> > your passwords. Passwords are better kept in your
> > head, triggered by 
> > things you'll never forget.
> > 
> > Now, if you'll excuse me, since I've told you my
> > password I've got to 
> > go make up a new one.
> > 
> > Write to me at jeremy.wagstaff at feer.com
> > _________________________________________
> > reader-list: an open discussion list on media and
> > the city.
> > Critiques & Collaborations
> > To subscribe: send an email to
> > reader-list-request at sarai.net with subscribe in the
> > subject header.
> > List archive:
> <https://mail.sarai.net/pipermail/reader-list/>
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com
> _________________________________________ reader-list: an open discussion list on media and the city.
> Critiques & Collaborations
> To subscribe: send an email to reader-list-request at sarai.net with subscribe in the subject header.
> List archive: <https://mail.sarai.net/pipermail/reader-list/>

More information about the reader-list mailing list