[ale] passwords

[Drifter]

the recent chatter about network security has, mostly, skirted around the 
password problem. Too many web sites that need strong security restrict 
passwords by length, or character set, or both. So also do many corporate 
web sites.  Software exists that can generate random alphanumeric 
passwords, but they routinely suffer the same fault: being difficult to 
remember, users end up with notes taped to monitors, voiding the security.

For the past decade or so I have been recommending that computer users 
pick out several favorite poems/songs and use them to generate passwords.

For example, fans of mathematics might reach for Lewis Carroll:

The time has come, the Walrus said, to talk of many things,

which would generate the short password  <tthctwsttomt>, which munged just 
a little bit becomes <TthctW5ttomT>.

or perhaps, 

’Twas brillig, and the slithy toves
Did gyre and gimble in the wabe

which would generate <tbatstDgagitw>

English majors might prefer something from "The Love Song of J. Alfred 
Prufrock":

In the room the women come and go,
Talking of Michelangelo.

Or the opening of "A Tale of Two Cities":

It was the best of times, it was the worst of times;

I do not, for obvious reasons, ever suggest the song
"All I want for Christmas is a hippopotamus."  :)

The people I advise do not understand the need for encryption, so the 
topic of pass phrases does not usually come up. Memorable quotations from 
obscure works are ideal, but all too often are not considered.

I wish that financial institutions would lift restrictions on password 
length and complexity, but that would, almost certainly, entail reworking 
a poorly crafted database.

Sean




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110212/e628cd18/attachment.html