Mike Pound explains how to crack passwords to Computerphile. And, on the basis of this, he suggests how to choose them. (Yes, he has read XKCD on the matter.) Bonus file on how (not) to store passwords.
There is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. Ian Urbina looks at The Secret Lives of Passwords for the NYT Magazine. (Possible trigger warning - opens with Cantor Fitzgerald looking for passwords the day after 9/11.)
During the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil that, to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.
Google knows almost every wi-fi password. Of course this means that the NSA also has access to them. Apple might not be much better.
What are the most common and least common 4-digit PINs? Using data from recent password database leaks, an analysis of PINs. (via Schneier)
Why passwords have never been weaker—and crackers have never been stronger. Ars weighs in on the amazing advances the bad guys have made in password cracking over the last few years. Think you know how to choose something that's safe? The probability is quite high that you don't, even if you're technically ept.
People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric characters, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems."
LastPass is the last password manager you'll ever need. Available on almost all common platforms, it's easy to use, and free.
How I'd hack your password is a good introduction to how easy it is to compromise a weak password. What's a weak password? Anything among the top 20 passwords revealed among the thirty million users of RockYou is a good start ("123456" is #1). Or you can look at the 500 worst passwords as drawn by Kate Bingaman-Burt based on a list by security expert Mark Burnett. An analysis of password cracking software tells you what to avoid when trying to generate a strong password, but you can follow these techniques, or give up altogether.
Security, the TSA, and the No-Fly List. You would think that our National Security apparatus would be like the TV series "24", with the most ingenious and sophisticated technology available. You would be wrong. Disclaimer: TSA is not an intelligent intelligence agency.
Here's a blurb from the resume of the designer (Kenneth Mack) of the application the airline industry uses for managing their employee data [PDF] and cross-checking them with the no-fly list:
- Sr. Developer: Developed a program [for Goddard Technologies] that uses the "No-Fly List" Excel spreadsheet, provided by the FAA and the database of badged employees to permute the name combinations. It takes into consideration multiple first and middle names, with Soundex and the various "initial" combinations. This program reduced the time for comparison from 3 days to 10 minutes.
The scary yet interesting part of all of this is that the No-Fly List is nothing more than a password-protected spreadsheet (see this PDF). One would guess our Government's geeks would know that it's a bad idea to send email attachments containing social security numbers and dates of birth, unencrypted, over the internets, even if they might be terrorists.
Write down your password. Bruce Schneier, author of Applied Cryptography and founder of Counterpane Security, is urging people to write down their passwords.
With its latest security update Microsoft has disabled the ability to pass username:password pairs in URLs. If you usually use this format for connecting to your site via either FTP or HTTP, it will no longer work after you install this update.