Saturday, 7 September 2019


How many PINs and passwords have you put out there a hostage to fortune? Have you been clever, or too clever by half, in your choice? As XKCD illustrated some years ago, a password has to be a) secure b) memorable c) different for each of several sites.
Secure means not using: 1234; your bday; your dog's bday; the word bidet; 'password'; pa55w0rd; your god-daughter's name; your mother's maiden name; any word in any dictionary, backwards or forwards.
Memorable means that you have to recall the hilarious in-joke you used 18 months ago to buy some novelty bday candles over the internet.
Different because everyone knows your e-mail address and if you use the same pswd everywhere your whole on-line life [me: bank, other bank, wexbus, vodafone, zoom, skype, orcid, gmail, workmail, oldworkmail, mygov, gro, qi, multitrip, wikipedia, amazon, airbnb, ryanair, ny times, dropbox, researchgate, linkedin, eflow, abe, lrb, library, caboodle, elara, eventbrite, ticketmaster] will be unzipped in Kazakhstan as you sleep.

That XKCD cartoon gave, as an illustration, a secure password made up of four different English words concatenated together - correcthorsebatterystaple - to make a technically clever uncrackable password. It should have come with a health warning because, instead of employing the same principle to generate your own combo - powergenitalia? deadsheepsavagebreast? - several dozen literalists started using, maybe with irony intended, correcthorsebatterystaple as their secure password. How do we know this? Because [delicious irony] a web-forum for xkcd fans had half a million passwords hacked and correcthorsebatterystaple came up 120 times.
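As an added illustration (not from the original post), here is the principle the cartoon relies on, in Python: the strength comes from drawing the words at random from a large list, so copying the printed example throws that strength away. The word list and the blocklist of published examples are constructed for this example; a real generator would use a list of several thousand words.

```python
import math
import secrets

# Constructed toy word list for the example. A real generator needs a large
# list (the EFF diceware list has 7776 words) for the entropy figure to matter.
WORDS = [
    "correct", "horse", "battery", "staple", "power", "genitalia",
    "dead", "sheep", "savage", "breast", "bidet", "candle",
    "novelty", "hostage", "fortune", "nightingale", "hamlet", "blob",
]

# Published examples that people copied verbatim (constructed blocklist; the
# forum leak mentioned above found the XKCD one 120 times).
PUBLISHED_EXAMPLES = {"correcthorsebatterystaple"}


def passphrase_entropy_bits(word_count, list_size):
    """Entropy of word_count words drawn uniformly at random from list_size words.

    This figure only holds when the draw really is random; a phrase chosen
    because it appeared in a cartoon has effectively zero entropy.
    """
    return word_count * math.log2(list_size)


def is_published_example(candidate):
    """True if the candidate is a well-known printed example, i.e. guessable."""
    return candidate in PUBLISHED_EXAMPLES


def generate_passphrase(word_count=4, words=WORDS, rng=secrets.choice):
    """Concatenate word_count words picked with a CSPRNG (secrets, not random).

    rng is parameterised only so the draw can be made deterministic in tests.
    """
    while True:
        phrase = "".join(rng(words) for _ in range(word_count))
        if not is_published_example(phrase):
            return phrase


if __name__ == "__main__":
    print(generate_passphrase())
    print("toy list, 4 words:", round(passphrase_entropy_bits(4, len(WORDS)), 1), "bits")
    print("diceware list, 4 words:", round(passphrase_entropy_bits(4, 7776), 1), "bits")
```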

On the don't do as I do but do as I say front, you might use an acronym password made up of the initial letters of a familiar phrase. I suggested nmtesirtd or tbontbtitq two years ago but just now I totally blanked on what they represented - so that means two secure but not memorable passwords, I guess. Auntie Google came to the rescue with the second example, which means that phrase should be super-familiar [hint: Hamlet]. Google up nmtesirtd and you should find only one hit - to the earlier Blob [hint: Nightingale]. I think it's okay [because the password encryption mangles all the characters together] to have a base/core password and append suitable suffixes: nmtesirtdnyt, nmtesirtdbnb etc.
