

Dangerous article about passwords at Baekdal


#1 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 25 April 2011 - 02:26 PM


Back in 2007, I wrote an article about password security. Specifically how you could create a simple and usable password while remaining secure. In that article, you can read that it is 10 times more secure to use "this is fun" as your password, than "J4fS<2".

This article seems very pernicious to me.

I say the 'usable password' is only a good idea if you only have one password-protected thing. It is a very bad idea to use the same password at more than one site, so how are you going to remember all those different 'usable passwords'? People with the easy to remember password would probably be very likely to use the same one everywhere - losing not just their info but also their online bank account and everything else when (as is probably inevitable) the password is discovered via any number of possible ways such as a site being cracked.

Nothing wrong with the 'usable password' idea per se, but you do need a lot more than one. If you create many small variations of your 'usable' password in order to have different ones but still be able to remember them, it will either be far too easy to guess those variants or you won't be able to remember which one you used where, and the 'usability' is lost.

I have well over 100 passwords myself, 17 chars, randomly generated with upper and lower case and digits, and use RoboForm to generate and keep track of them.

The site of the article doesn't invite comments so I am commenting here.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

Member of UNITE
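As an added illustration of the points made in the post above (not code from the poster, the Baekdal article, or RoboForm), the following Python script puts numbers on the three kinds of password discussed: the article's "this is fun" and "J4fS<2", a predictable variant scheme on top of a memorable base, and a 17-character random password of the kind a password manager generates. The attacker models (character-class brute force, and whole-word guessing from a dictionary of an assumed 10,000 common words) and the class-based alphabet sizes are this example's assumptions; the conclusion it shows is that a passphrase's strength depends heavily on which model the attacker uses, that a few dozen variants of a known base add only a handful of bits, and that a manager-generated random password does not have that problem.

```python
import math
import secrets
import string

# Constructed for this example: the two passwords quoted from the Baekdal
# article and the alphabet of a 17-character upper/lower/digit random password.
ARTICLE_PASSPHRASE = "this is fun"
ARTICLE_RANDOM = "J4fS<2"
MANAGER_ALPHABET = string.ascii_letters + string.digits  # 62 characters


def charset_size(password: str) -> int:
    """Size of the class-based alphabet an attacker must search.

    The usual brute-force assumption: the attacker knows which character
    classes the password draws from and searches only that alphabet.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if " " in password:
        size += 1
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """Search space, in bits, for a character-by-character brute-force attack."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(passphrase: str, dictionary_size: int) -> float:
    """Search space when the attacker guesses whole words from a dictionary.

    A passphrase made of common words is much weaker under this model than
    its character count suggests. dictionary_size is an assumed word count.
    """
    return len(passphrase.split()) * math.log2(dictionary_size)


def policy_bits(length: int, alphabet_size: int) -> float:
    """Bits of a password drawn uniformly at random from a fixed alphabet."""
    return length * math.log2(alphabet_size)


def variant_bits(n_variants: int) -> float:
    """Extra bits gained by choosing one of n predictable variants of a base
    the attacker already knows (e.g. a leaked 'usable' password plus a suffix)."""
    return math.log2(n_variants)


def generate_password(length: int = 17, alphabet: str = MANAGER_ALPHABET) -> str:
    """Random password from the OS CSPRNG, as a password manager would produce."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(f"{ARTICLE_PASSPHRASE!r}: brute force {brute_force_bits(ARTICLE_PASSPHRASE):.1f} bits, "
          f"10k-word dictionary {wordlist_bits(ARTICLE_PASSPHRASE, 10_000):.1f} bits")
    print(f"{ARTICLE_RANDOM!r}: brute force {brute_force_bits(ARTICLE_RANDOM):.1f} bits")
    print(f"100 variants of a known base add only {variant_bits(100):.1f} bits")
    print(f"17-char random from {len(MANAGER_ALPHABET)} chars: "
          f"{policy_bits(17, len(MANAGER_ALPHABET)):.1f} bits, e.g. {generate_password()}")
```

Under pure brute force the passphrase comes out far ahead of the short random string, but against a word-list attacker it drops to roughly the same level, and once a base password has leaked from one site, a scheme of numbered or per-site variants gives the attacker only a few extra bits of work; a manager-generated 17-character password sits above 100 bits regardless of the model.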