<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"
xmlns:rawvoice="http://www.rawvoice.com/rawvoiceRssModule/"
	>
<channel>
	<title>Comments on: App Store Hacked &#8211; How to Stay Safe Online</title>
	<atom:link href="http://www.worthgodwin.com/basic-computer-training/2010/07/app-store-hacked-how-to-stay-safe-online/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.worthgodwin.com/basic-computer-training/2010/07/app-store-hacked-how-to-stay-safe-online/</link>
	<description></description>
	<lastBuildDate>Tue, 06 Dec 2011 15:20:34 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3</generator>
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
	<item>
		<title>By: Worth Godwin</title>
		<link>http://www.worthgodwin.com/basic-computer-training/2010/07/app-store-hacked-how-to-stay-safe-online/#comment-196</link>
		<dc:creator>Worth Godwin</dc:creator>
		<pubDate>Tue, 14 Sep 2010 04:29:27 +0000</pubDate>
		<guid isPermaLink="false">http://www.worthgodwin.com/basic-computer-training/?p=235#comment-196</guid>
		<description>Simon,

 I&#039;m not sure I follow all of your math, but I agree it can be difficult for people to memorize random strings of letters and numbers. 
 One option is to think of a &quot;pass&lt;strong&gt;phrase&lt;/strong&gt;&quot; instead of a pass&lt;strong&gt;word&lt;/strong&gt; -- use a combination of two words with a symbol between them such as % $ * ) (  etc., throw in a number, and then use unusual capitalization with a pattern to it so you can remember, such as capitalizing all vowels or all consonants.   

  So something like 9rEd*fOx or ReD#FoX121 perhaps, just to use an example off the top of my head.  Then you can remember a simple phrase but have a &quot;formula&quot; in your head to convert it into a password.  This is &lt;em&gt;roughly&lt;/em&gt; what I do with my passwords.

  Hope that makes sense, and thanks for the comment. 

    Worth</description>
		<content:encoded><![CDATA[<p>Simon,</p>
<p> I&#8217;m not sure I follow all of your math, but I agree it can be difficult for people to memorize random strings of letters and numbers.<br />
 One option is to think of a &#8220;pass<strong>phrase</strong>&#8221; instead of a pass<strong>word</strong> &#8212; use a combination of two words with a symbol between them such as % $ * ) (  etc., throw in a number, and then use unusual capitalization with a pattern to it so you can remember, such as capitalizing all vowels or all consonants.   </p>
<p>  So something like 9rEd*fOx or ReD#FoX121 perhaps, just to use an example off the top of my head.  Then you can remember a simple phrase but have a &#8220;formula&#8221; in your head to convert it into a password.  This is <em>roughly</em> what I do with my passwords.</p>
<p>  Hope that makes sense, and thanks for the comment. </p>
<p>    Worth</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Simon</title>
		<link>http://www.worthgodwin.com/basic-computer-training/2010/07/app-store-hacked-how-to-stay-safe-online/#comment-153</link>
		<dc:creator>Simon</dc:creator>
		<pubDate>Thu, 05 Aug 2010 17:29:26 +0000</pubDate>
		<guid isPermaLink="false">http://www.worthgodwin.com/basic-computer-training/?p=235#comment-153</guid>
		<description>You mention passwords. I am sure you are right about complexity (numbers, punctuation, case), and definitely about dictionaries but I am not sure you are right about length. Fundamentally people struggle to remember more than about 5 characters. If they use longer words say the 8 characters beloved of Microsoft then it is not really possible without using some kind of word stem, making dictionary attack much more likely to be effective. In fact there are not really very many 6,7 and 8 letter words to use as stems.

Ignoring names, there are around 10000 &quot;common&quot; 3-5 letter words, 6370 6 letter words, 8883 letter words, and 10400 8 letter words. In other words longer passwords tend to mean the palette is around 20000 x 2 (case) x 30 (for a number or punctuation mark) x 2 (number first or last)  ... of the order 2,400,000 to 10,000,000 possibilities depending on how much users are willing to break up their words with numbers.

Conversely with a 5 character password selected from a 90 character palette there are more than enough combinations (5,273,862,160) once links to known words and names (around 50,000) have been excluded.

Accordingly shorter passwords (especially if dictionary checks are enforced) might actually be more secure - by these calculations 2000 times more secure!</description>
		<content:encoded><![CDATA[<p>You mention passwords. I am sure you are right about complexity (numbers, punctuation, case), and definitely about dictionaries but I am not sure you are right about length. Fundamentally people struggle to remember more than about 5 characters. If they use longer words say the 8 characters beloved of Microsoft then it is not really possible without using some kind of word stem, making dictionary attack much more likely to be effective. In fact there are not really very many 6,7 and 8 letter words to use as stems.</p>
<p>Ignoring names, there are around 10000 &#8220;common&#8221; 3-5 letter words, 6370 6 letter words, 8883 letter words, and 10400 8 letter words. In other words longer passwords tend to mean the palette is around 20000 x 2 (case) x 30 (for a number or punctuation mark) x 2 (number first or last)  &#8230; of the order 2,400,000 to 10,000,000 possibilities depending on how much users are willing to break up their words with numbers.</p>
<p>Conversely with a 5 character password selected from a 90 character palette there are more than enough combinations (5,273,862,160) once links to known words and names (around 50,000) have been excluded.</p>
<p>Accordingly shorter passwords (especially if dictionary checks are enforced) might actually be more secure &#8211; by these calculations 2000 times more secure!</p>
]]></content:encoded>
	</item>
</channel>
</rss>

