Wednesday, July 05, 2006

Choose (and remember) great passwords.

Just read a very interesting article at on generating and remembering strong passwords.

Unfortunately there are too many secure services that rely their front-end on a secret user-defined word (aka password). And since the user is usually the weakest link in a secure protocol, the need for strong (difficult to guess) passwords is obvious. The problem is that difficult passwords are also difficul for users to remember so the vast majority chooses simplisity over security and use date of birth, favorite football team, etc instead. These words exist in dictionaries so what one has to do is test all words found in a dictionary and see if any is used as a secret word (dictionary attack). It is a fact that dictionary attacks have results and I've always wondered why people use a plain word like "book" or "door" to protect their online credit card account. Not too many years ago system administrators, in an attempt to feed their ego, had passwords like "god", "admin", etc. You can only imagive what level of security those words offered.

So read this and you'll have a good idea how to increase the security around your online activities.

P.S.: Personally I generate totally random passwords and memorize them. I don't know if it's because I am young or sth but somehow I manage to remember them all. That's not something I would recommend to others though.

No comments: