[LINK] Millions of LinkedIn passwords leaked online
Richard Chirgwin
rchirgwin at ozemail.com.au
Fri Jun 8 17:40:19 AEST 2012
On 8/06/12 7:58 AM, Glen Turner wrote:
> On 07/06/12 15:32, Richard Chirgwin wrote:
>> I prefer the XKCD approach to passwords:
>> http://xkcd.com/936/
> The math in that is wrong, because in practice the choice of words is
> not independent of the other words.
>
> Consider that people will avoid anti-grammatical word selection and
> order. E.g. the odds of five verbs are less than randomness would
> suggest; the probability of word order following a common grammatical
> construct is higher than the probability of the word order being random.
>
> Your GumnutsFiveAntsCuttingSunflowers is a fine example of the point, with
> ADJECTIVE NOUN
> and
> NOUN VERB NOUN
> rather than ordering independent of grammar.
>
> Which isn't to say that Gumnuts password isn't better than 99% of them.
> Which is the essential issue with passwords, and why we need to stop
> using them and start using authentication devices and federated
> authentication instead.
>
Glen - all too true, but excuse me on the basis that I wasn't actually
putting in the mental effort I would if I were creating a real password!
+1 about federated authentication.
RC
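
As an added illustration, not part of the thread: the sketch below estimates how many bits a five-word passphrase loses when it follows a grammatical template instead of independent random draws. The lexicon sizes, the placeholder words and the template probabilities are constructed assumptions, and only the part-of-speech constraint is modelled, so semantic links between words would lower the figure further.

```python
import math
from itertools import product

def independent_bits(lexicon, n_words):
    """Entropy when every word is drawn uniformly and independently from the whole list."""
    total = sum(len(words) for words in lexicon.values())
    return n_words * math.log2(total)

def template_bits(lexicon, templates):
    """Entropy when a template is picked with probability p and each slot is then
    filled uniformly from its part of speech. Assumes each word has exactly one
    tag, so different templates of equal length never produce the same phrase."""
    bits = 0.0
    for slots, p in templates.items():
        slot_bits = sum(math.log2(len(lexicon[tag])) for tag in slots)
        bits += p * (slot_bits - math.log2(p))
    return bits

def exact_bits(lexicon, templates):
    """Shannon entropy by enumerating every phrase; only feasible for tiny lexicons."""
    dist = {}
    for slots, p in templates.items():
        choices = [lexicon[tag] for tag in slots]
        n = math.prod(len(c) for c in choices)
        for phrase in product(*choices):
            dist[phrase] = dist.get(phrase, 0.0) + p / n
    return -sum(q * math.log2(q) for q in dist.values())

def sized(n_noun, n_verb, n_adj):
    """Constructed lexicon of placeholder words with the given class sizes."""
    return {"NOUN": [f"n{i}" for i in range(n_noun)],
            "VERB": [f"v{i}" for i in range(n_verb)],
            "ADJ": [f"a{i}" for i in range(n_adj)]}

# Shape of the phrase discussed above: NOUN, then ADJ NOUN, then (NOUN) VERB NOUN.
GUMNUTS = ("NOUN", "ADJ", "NOUN", "VERB", "NOUN")

if __name__ == "__main__":
    big = sized(1024, 512, 512)  # 2048 words in total; class sizes are assumptions
    print("independent draws :", independent_bits(big, 5), "bits")
    print("single template   :", template_bits(big, {GUMNUTS: 1.0}), "bits")
    tiny = sized(4, 2, 2)
    mix = {GUMNUTS: 0.75, ("ADJ", "NOUN", "VERB", "ADJ", "NOUN"): 0.25}
    print("formula vs exact  :", template_bits(tiny, mix), exact_bits(tiny, mix))
```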