[LINK] Millions of LinkedIn passwords leaked online
Glen Turner
gdt at gdt.id.au
Fri Jun 8 07:58:31 AEST 2012
On 07/06/12 15:32, Richard Chirgwin wrote:
> I prefer the XKCD approach to passwords:
> http://xkcd.com/936/
The math in that is wrong, because in practice the choice of words is
not independent of the other words.
Consider that people will avoid anti-grammatical word selection and
order. E.g., the odds of five verbs are less than randomness would
suggest; the probability of word order following a common grammatical
construct is higher than the probability of the word order being random.
Your GumnutsFiveAntsCuttingSunflowers is a fine example of the point, with
ADJECTIVE NOUN
and
NOUN VERB NOUN
rather than ordering independent of grammar.
Which isn't to say that the Gumnuts password isn't better than 99% of them.
Which is the essential issue with passwords, and why we need to stop
using them and start using authentication devices and federated
authentication instead.
--
Glen Turner www.gdt.id.au/~gdt
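
Added example, not part of the original post: a small exact calculation of how much passphrase entropy is lost when word choice follows grammar rather than being independent, which is the point argued in the message above. The word-class sizes (a 2048-word list, 11 bits per word) and the template probabilities are constructed assumptions, not measured data.

```python
import math
from itertools import product

# Constructed lexicon: a 2048-word list (11 bits per word) split by part of speech.
POS_SIZES = {"ADJ": 512, "NOUN": 1024, "VERB": 512}
VOCAB = sum(POS_SIZES.values())

# Constructed model of human choice: probability of each four-word grammatical pattern.
TEMPLATES = {
    ("ADJ", "NOUN", "VERB", "NOUN"): 0.5,
    ("NOUN", "VERB", "ADJ", "NOUN"): 0.3,
    ("ADJ", "ADJ", "NOUN", "VERB"): 0.2,
}

def pattern_count(pattern):
    """Number of distinct word sequences that match a part-of-speech pattern."""
    return math.prod(POS_SIZES[p] for p in pattern)

def passphrase_entropy(length, grammar_bias):
    """Return (Shannon entropy, min-entropy) in bits for a chooser who follows
    a template with probability grammar_bias and otherwise picks uniformly."""
    shannon, p_max = 0.0, 0.0
    for pattern in product(POS_SIZES, repeat=length):
        count = pattern_count(pattern)
        # Every sequence sharing a pattern has the same probability, so the
        # sum over all 2048**length sequences collapses to 3**length patterns.
        p = (1 - grammar_bias) / VOCAB ** length
        p += grammar_bias * TEMPLATES.get(pattern, 0.0) / count
        if p > 0:
            shannon -= count * p * math.log2(p)
            p_max = max(p_max, p)
    return shannon, -math.log2(p_max)

if __name__ == "__main__":
    for bias in (0.0, 0.5, 0.9, 1.0):
        h, h_min = passphrase_entropy(4, bias)
        print(f"grammar bias {bias:.1f}: Shannon {h:5.2f} bits, "
              f"min-entropy {h_min:5.2f} bits")
```

Min-entropy is the figure that bounds an attacker who tries the likeliest phrases first; under these constructed numbers it falls from 44 bits to 39 bits once every phrase is grammatical.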