Comments on: Patterns, privacy, and performance

By: Simon Bostock

Simon Bostock — Fri, 05 Feb 2010 08:35:56 +0000

I read an interview with a ‘leading security expert’ (sorry, this is vague but I can’t remember who or where – they were not famous all over the world, apparently) who said that we’ve got all of our password security stuff back-to-front.

At work we’re told, “Don’t write down your password!”

His point: we’ve a couple of hundred years of experience of writing down secrets and keeping them safe. I use my Slavic education to come up with my passwords (and I guess my kids will use Japanese) but I could just as easily write them down, I suppose.

By: Dave

Dave — Sat, 23 Jan 2010 01:52:55 +0000

Ian, I think those are all good approaches. They involve the individual in the creation of the password, which increases the likelihood that it’ll be remembered. Combining that with other strong-password techniques (mixed case, non-alpha characters) and you can go far. Even better if you speak another language and can work that into the mix: 6!crWth , for instance, is my way of saying there are six (six!) strings on the crwth, a Welsh harp.

By: Ian

Ian — Sat, 23 Jan 2010 00:12:33 +0000

changing P/W’s used to drive me nutz…

Until an old Army buddy of mine asked me to recite the serial number of my Basic(1976)Training rifle…

Now I have about a dozen 7 character-mixed-number/letter (more if you add weapon types or year of issue) passwords that I could NEVER (even though Ive tried, Lord knows I’ve tried!)forget, with great secure hints like “FallEx’81″, or “Sandman”.

Point of all that gipe is that it might be more effective to help people identify strong memories themes that will create good passwords than generate strong paswords for them.

Mountains you’ve climbed…

Types&displacements of the engines of cars you’ve owned…

Camera/filmspeed/Fstop of a picture you took…

The sequence of the notes in a favourite guitar lick…

What are the things you’ll never forget?