[SOT] {FWD} [Dailydave] Don't use vowels in passwords! (fwd)

David Vorick david.vorick at gmail.com
Tue Nov 12 08:00:01 PST 2013


https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html

The xkcd comic doesn't really apply anymore. Dictionary attacks have gotten
to the point where they can crack 'momof3g8kids' and 'Coneyisland9/,'
and apparently have dictionaries breaking 100 million words. As password
attacks get better and better at predicting human patterns (and hardware
gets faster), you are going to need to completely generate your passwords
at random in order to defend against dictionary attacks.

Which means the current password model is broken, as we all know it has
been for a while. Why isn't there a stronger effort to replace it with
something like a universal public key system?


On Tue, Nov 12, 2013 at 4:01 AM, rysiek <rysiek at hackerspace.pl> wrote:

> On Monday, 11 November 2013 15:29:13 Kelly John Rose wrote:
> > The most useful strategy I've seen is to use multiple authentication
> > methods or the "a few really hard passwords + random statement for each
> > site."
> >
> > Ie. you can probably memorize something like
> >
> > lMB^9Pl!
> >
> > so use that for the sites and then tack on something like
> >
> > lMB^9Pl!Ilikeshopping123
> >
> > Then the probability of actually cracking that password is low, and
> > unless you are being specifically targeted, even if they got that
> > password they wouldn't immediately be able to use it on other websites.
> > It's easy to remember because that 8 digit code you'll type everywhere,
> > and the ending is always something cognitively easy.
>
> Oblig. XKCD:
> http://xkcd.com/936/
>
> --
> Regards
> rysiek