Monday, June 11, 2012

Perfect Passwords

I'm sharing Alexandra Petri's funny blog post on passwords, which will be a topic of discussion on Tuesday night.

JAE

========================

After the LinkedIn hack, how to pick the most secure password of all time



The perfectly secure, perfectly memorable password is absolutely pure and rarer than the unicorn. It is like the Holy Grail, the Fountain of Youth, the philosopher’s stone, or a model that will get users on the Internet to pay for curated content. That is to say, no one has ever found it, and some doubt whether it exists at all.
Recently LinkedIn.com announced that something like 6.5 million passwords had been hacked. If you have a LinkedIn account, you had better act quickly and come up with something secure before your identity gets stolen! Or you could just quit LinkedIn. That might be easier. Coming up with a secure password is harder than it sounds. And it sounds hard!

Tips abound, but they are even worse than the problem.

The usual rules for picking a password go something like this: Combine a whole bunch of letters and numbers in the precise order you are least likely to remember. This forces you to write them down on a sticky note somewhere visible in your office, defeating the point entirely. (On the bright side, this makes it easier for the investigators to find out about your extramarital affair if you are ever murdered.)
As XKCD points out, this situation is absurd.

I spent the past several months in prayer and meditation on the subject, and finally inspiration struck. Here are some of the Internet’s top tips for secure passwords — and what to do about them.

1. Use a combination of alphanumeric characters and symbols that does not depend on actual words.
A Web site billing itself as “Perfect Passwords” suggested this one: BD052EA025643096595CD1A217658B10374242DC59DB397D9088C24DAEAF9059.
Perfect!
 
2. Use the first letters of the lyrics of a song that you like. For instance, “Billie Jean is not my lover” becomes “bjinml.”

This assumes a great deal — for instance, that you actually remember the lyrics of the songs you like. I love “Smells Like Teen Spirit,” but for years I thought the lyrics were “Awastuuuka, keratin augh, amakneeler, zindahealer! YAEERGH.” And I am still not convinced that they aren’t.

I also like that new Rihanna song, but lyrically it has little to offer. Here is the main line of the chorus in its entirety: “cake cake cake cake cake cake cake cake cake cake cake cake cake cake cake” (“ccccccccccccccc”).

And if your favorite song is “La Bamba,” you might as well turn in the keys now.

3. Use phrases that speak to you but no one else, like “My ’94 Hyundai Excel Is Blue.”
Look, if you are still driving a ’94 Hyundai Excel, I doubt anyone wants to steal your identity.

4. Mix two memorable words together. They suggest dcoagt.
This is easier if you are dyslexic, I think. I tried this and got whorewantstoseeyou, combining the two familiar words “woe” and “hr wants to see you,” and now HR wants to see me.

5. Don’t use a phrase that is popular or common.
So a good, secure password might be, “That Michael Buble is so edgy” or “I have few qualms about the quality of Fox reporting” or “The Washington Redskins are uniquely competent.”

6. Use your anniversary as a password. “That way, you’ll never forget either!” the people who write this sort of advice say, a little too optimistically, I think.
Who are these people, anyway? You have the sense, reading their advice, that they have beautiful, organized homes and children whose names are good, sturdy, alphanumeric blends, and they seal all their leftovers in carefully labeled plastic containers. They amuse themselves by reciting long strings of numbers and song lyrics to their spouses while sitting in their blue Hyundai Excels. We are not like them.
For most real people, using your anniversary as a password guarantees that you will forget both. “Honey,” you will be forced to say, “I can’t seem to get into our bank accounts.”

“What’s the password?”

“Our anniversary.”

“So what’s the problem?”

“Well,” you say. “I think perhaps a malicious time traveler changed the date in my timeline, and I was wondering if you would tell me if it is the same day that I remember?”

This will be the best you can do under pressure, and it is not enough. You’ll wind up on the street without access to funds as someone cries and flings Tupperware containers of leftovers at your head.

7. Use something memorable, like a historical date.
This would be good advice if I had not been in conversations where people asked, with no irony whatsoever, “When was the Compromise of 1850?”

The memorable things are never the things you actually remember. Your anniversary? Your child’s birthday? Of course not. You are too busy remembering all the lyrics to a song about recycling that you were forced to memorize as a small child, or the fact that Michael Fassbender and Zoe Kravitz briefly dated, or anything negative anyone has ever said about you.

And the sad, specific sentences aren’t even unique. At least one other person, Buzzfeed found, has “foreveralone” as a password.

If there is one thing I have learned in all this research, it is that there are memorable passwords and secure passwords, and never the twain shall meet. No, the only thing to do is try to get the sympathy of the hacker. My password is “Pleasesirormadammyidentityisworthlessbutitisallihave8.” (They make you put a number in.)
