How Secure Are Your Passwords?
by Antone Roundy | 3 Comments | Security
I'll keep this brief today -- just a comic and a quick comment...and yes, the license for this comic allows me to hot link to it.
Rather than choosing completely random combinations of words, a strategy to make passwords easy to remember is to choose words that mean something together to you, but wouldn't to anyone else. For example:
- Pick a place, something you saw there, and who you saw it with.
- Pick a gift you've received, who gave it to you, and what the occasion was.
A few examples of passwords I could create using these methods include "yellowstone bald eagle nicci", "amazon kindle carlos christmas" and "itunes card nicci fathers day".
Definitely easier to remember than "correct horse battery staple".
August 12th, 2011 at 1:26 pm
The entropy of this method (should the method be known by anyone) is as follows:
Places you've visited: 5.000 = 5.6 bits
Gift: assume there are 10.000 possible gifts = 6.7 bits.
Who: 2000 "friends", 4.3 bits
Occasion: 365 different occasions = 1.9 bits.
Total = 18.5 bits.
August 12th, 2011 at 1:47 pm
Pedro,
I'm curious how you're calculating bits of entropy. My understanding is that entropy bits = log base 2 of the number of options. That would yield (using your input numbers):
5000 places: 12.3 bits
10000 gifts: 13.3 bits
2000 friends: 11 bits
365 occasions: 8.5 bits
Total: 45.1 bits
The actual number is probably smaller (at least if you know where somebody's been, who their friends are, and if occasions tend to gravitate toward birthdays, holidays, and a few other things). But as long as you don't make your choices too obvious, it should yield pretty good passwords, particularly if you invent your own schema for picking words.
August 12th, 2011 at 1:55 pm
Hey, wait a minute. The two schemas I mentioned were place/object or occurrence/person and gift/person/occasion. I suppose you could go with a gift, given by whom, where, and on what occasion to use all 4 of those elements.
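The reply above computes entropy as log base 2 of the number of options and notes that the real figure is probably smaller when choices gravitate toward a few favourites. The following is an added example, not part of the original post or its comments, that reproduces the thread's uniform figures and compares them with Shannon and min-entropy under a skewed distribution. The category sizes come from the comments; the skew parameters are constructed assumptions, and summing bits assumes the words are chosen independently.

```python
import math

# Category sizes quoted in the comment thread above.
SIZES = {"place": 5000, "gift": 10000, "person": 2000, "occasion": 365}

def uniform_bits(n):
    """Entropy in bits of one uniform choice among n options."""
    return math.log2(n)

def shannon_bits(probs):
    """Average-case entropy of a (possibly non-uniform) distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Worst-case entropy: the attacker tries the most likely value first."""
    return -math.log2(max(probs))

def skewed(n, hot, hot_mass):
    """Constructed model: `hot` favourites share `hot_mass`, the rest split the remainder."""
    return [hot_mass / hot] * hot + [(1 - hot_mass) / (n - hot)] * (n - hot)

def scheme_uniform_bits(parts):
    """Total bits when every part is an independent, uniform choice."""
    return sum(uniform_bits(SIZES[p]) for p in parts)

def scheme_bits(dists, parts, measure):
    """Total bits for the named parts under a given entropy measure."""
    return sum(measure(dists[p]) for p in parts)

# Constructed skew (assumption, not from the page): a small set of obvious
# choices carries most of the probability in each category.
SKEW = {
    "place": skewed(5000, 50, 0.8),
    "gift": skewed(10000, 100, 0.8),
    "person": skewed(2000, 20, 0.9),
    "occasion": skewed(365, 10, 0.8),
}

if __name__ == "__main__":
    for parts in (["gift", "person", "occasion"],
                  ["place", "gift", "person", "occasion"]):
        print("/".join(parts))
        print(f"  uniform : {scheme_uniform_bits(parts):5.1f} bits")
        print(f"  shannon : {scheme_bits(SKEW, parts, shannon_bits):5.1f} bits")
        print(f"  min-ent : {scheme_bits(SKEW, parts, min_entropy_bits):5.1f} bits")
```

Min-entropy is the figure to plan around when the attacker knows the schema and orders guesses by likelihood.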