This is pretty cool. I have about 5 different passwords (with minor variations) that are basically the lines from a song or poem that I like.
Take the first letter from each word. Works the same way, and you don't need an inkblot.
Under the spreading chestnut tree, the village smithy stands. (utscttvss) Just say the line to yourself, and type your password.
Posted by: Dave Buster at July 22, 2003 12:41 PM
Wow, that is an incredibly cool technique! And arguably even better, insofar as virtually *everyone* knows a song they could use. I am totally going to try that for my next password ...
Posted by: Clive at July 22, 2003 12:47 PM
I recall reading somewhere about a system that showed you a recurring set of faces every time you logged in, so that you would come to recognize them.
After a time, instead of a normal password, it would flash three faces on the screen for a fraction of a second, only one of them from the set. Because humans are good at recognizing faces, it is easy to spot which one is "correct." The system can flash faces as many times as necessary for the desired level of security.
This system has the added feature of being non-transferable: I cannot tell you my password, even if I want to.
Posted by: Jonathan Korman at July 22, 2003 1:33 PM
I tried the "passfaces" system you describe, Jonathan; it worked for a little while, but when I went back after some weeks I couldn't recognize the faces to save my life. The one that works for me is numeral substitution in a familiar word, e.g., if your favorite city is Manhattan, substitute "10" for "tan" and you get Manhat10 -- easily remembered, hard to crack.
Posted by: Ernest Kinsolving at July 22, 2003 1:46 PM
I've never tried that face-recognition one. Intriguing point about how it's uncrackable because, well, you yourself can't explain or describe your password to anyone else!
Ernest, that substitution one is very, very cool. I'd never thought of that before. I myself tend to string together a bunch of short, two- or three-letter alphanumeric sequences that have some mnemonic import for me personally. But that can be hard to manage, and I've forgotten passwords in the past.
These are all incredibly cool suggestions. I should put 'em together on a page of "easy-to-use ways to generate hard-to-crack passwords."
Posted by: Clive at July 22, 2003 2:10 PM
There are essentially four sets of passwords that I use. Firstly, for random registrations and whatnot, I have two of my "insecure" passwords which are simple words. Secondly, over the last while, when I sign up for something I have started to make the password relate to something of the site itself... like, in some cases, the site name itself. The benefit of this is that if the site does prove to be insecure, any cracker will have only one of my passwords and would not be able to use it anywhere else (as the passwords would be different).
My third password is my "secure" password -- and I only use it with a few very private places, like my bank's web-site. It kind of evolved on its own really, and it is a combination that is so familiar to me, I am unlikely to forget it. It is three random letters intermixed with the full combination for the lock I used throughout high-school. I think it's pretty safe.
I think something like this -- something that is so ingrained in my mind -- is a far better solution than the renderings of an ink-blot. I think they are a little TOO subjective. Let's face it, interpretations of inkblots do change over time.
Then again, maybe I'm abnormal as I don't have any difficulty remembering odd passwords.
Posted by: nowak at July 22, 2003 6:09 PM
Ernest, the letter to number swapping might not be as secure as you think. Tan = 10 is probably ok, but some people use things like 3 for E, and 1 for I. Most dictionary based attack tools know this and will do the substitutions. My preferred method of selecting passwords is the song method Dave Buster suggests, and then if you want to add letter to number substitution on top of that you have a very secure system.
But several of the people who've replied to this have ways to generate pretty good passwords which does rather suggest the answer to the problem is teaching people how to pick a good password, rather than yet more obscure technology. Password management systems like Apple's Keychain are possibly also part of the answer, because then you only need to remember one password anyhow.
Posted by: Peter Bagnall at July 22, 2003 6:44 PM
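An added example (not part of any comment above) of the point about substitutions: a signup-time check that undoes common letter-to-number swaps before consulting a wordlist. The substitution table, the function names and the small wordlist are constructed for illustration.

```python
# Characters a user might type in place of a letter, mapped to the letters
# they commonly stand for (an assumed, partial table).
SUBSTITUTIONS = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
}

# Constructed sample wordlist; a real check would load a large one.
WORDLIST = {"password", "elite", "manhattan", "sunshine", "dragon"}


def matches_word(password, word):
    """True if password equals word once per-character substitutions are undone."""
    if len(password) != len(word):
        return False
    for typed, letter in zip(password.lower(), word):
        # Accept the literal character, or a known stand-in for that letter.
        if typed != letter and letter not in SUBSTITUTIONS.get(typed, ""):
            return False
    return True


def dictionary_word_behind(password, wordlist=WORDLIST):
    """Return the wordlist entry the password reduces to, or None."""
    # Comparing against each word avoids expanding every possible reading
    # of the password, which grows exponentially with ambiguous characters.
    for word in sorted(wordlist):
        if matches_word(password, word):
            return word
    return None


if __name__ == "__main__":
    for sample in ("p4ssw0rd", "3l1t3", "Manhat10", "utscttvss"):
        hit = dictionary_word_behind(sample)
        print(f"{sample!r}: {'reject, reduces to ' + hit if hit else 'no wordlist match'}")
```

"Manhat10" passes because replacing a whole syllable with a number is not a per-character swap, and the first-letter mnemonic passes because it is not built from a word at all.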
This points to the fundamental problem with passwords as a security mechanism. They were a great solution for Unix sysadmins 30 years ago, who would have only a few and would use them every day, sometimes several times a day.
For people who need to identify themselves to dozens of different systems, and may go weeks or months before revisiting a given system, they simply don't match how the human mind works. (Unless, apparently, you are nowak!)
Mapping the inkblot principle back to conventional passwords thus ultimately represents a failure of imagination. Assuming the research is correct, and people will provide the same distinctive description for an inkblot revisiting it much later, why not show a single inkblot and simply ask the user to type in a description of what they see?
Posted by: Jonathan Korman at July 23, 2003 1:05 PM
For PIN numbers, I remember one pin (the first one I ever got) and just add it (without carrying) to the first 4 digits of whatever credit/debit card I'm using. So if my generic PIN is 1234 and my Card number is 9183... my PIN for that card is 0317. For cards I use frequently, I generally just end up knowing the transformed number.
More generally, I think having a random function of standard inputs (maybe the name of a website and your login ID) is a good password solution. If you protect that function well enough (not like me and my PIN algorithm :) ) then blowing any single password is not a problem. For things you use rarely, investing a little effort to reconstruct your password isn't a big deal, IMO. Just off the top of my head, interleaving your name backwards with the first several letters of the website (with the number 3 after the 3rd letter for good measure) should be pretty easy to remember and pretty hard to crack:
oac3mnaazrofn would be my amazon password under this system.
Franco
Posted by: Franco at July 24, 2003 10:21 PM
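An added example (not part of the comment above) that reproduces both derivations from the preceding comment and shows why the function has to stay secret: the PIN rule is invertible by anyone who sees one derived PIN and the card digits. Function names are hypothetical, and padding with nothing when the site name is shorter than the reversed name is an assumption.

```python
from itertools import zip_longest


def _digits(value, count=4):
    """Return the first `count` digits of a PIN or card number as ints."""
    found = [int(ch) for ch in value if ch.isdigit()][:count]
    if len(found) != count:
        raise ValueError(f"need at least {count} digits")
    return found


def derive_pin(base_pin, card_number):
    """Add the base PIN to the card's first four digits, column by column,
    discarding carries (addition modulo 10 in each position)."""
    pairs = zip(_digits(base_pin), _digits(card_number))
    return "".join(str((b + c) % 10) for b, c in pairs)


def recover_base_pin(derived_pin, card_number):
    """Invert derive_pin: subtract the card digits modulo 10.

    One observed PIN plus the digits printed on the card yields the base
    PIN, and with it the PIN of every other card using the same rule.
    """
    pairs = zip(_digits(derived_pin), _digits(card_number))
    return "".join(str((d - c) % 10) for d, c in pairs)


def site_password(name, site):
    """Interleave the reversed name with the leading letters of the site,
    then put '3' after the third character."""
    reversed_name = name.lower()[::-1]
    site_part = site.lower()[: len(reversed_name)]
    # zip_longest covers site names shorter than the name (assumption)
    mixed = "".join(
        a + b for a, b in zip_longest(reversed_name, site_part, fillvalue="")
    )
    return mixed[:3] + "3" + mixed[3:]


if __name__ == "__main__":
    print(derive_pin("1234", "9183"))          # values from the comment
    print(recover_base_pin("0317", "9183"))    # base PIN falls out again
    print(site_password("franco", "amazon"))
```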
RAD.... been enjoying looking through your archives.
Posted by: jeff at April 2, 2004 1:11 AM