The Chair is Against the Wall
I've been seeing articles here and there in the popular press ( Internet and otherwise ) about the importance of passwords. Specifically, I've been seeing lots of opinions about the importance of strong passwords. I haven't done any extensive searches for pertinent literature or postings on the matter, but I have some observations and a couple of questions:
- Observation #1: I understand that many people have trouble making up and remembering (strong) passwords. Some people just can't seem to handle the task, and use one password for everything. On the other hand, I have no trouble keeping straight (and regularly changing) the 14 or so passwords I use for different purposes - but maybe that's just me.
-Observation #2: I understand, mostly, the math supporting claims such as, "it would take 1,000 computers a 1,000 years to guess a password like [password goes here]."
-Observation #3: a) If you put a lock on a box, all you've done is make one side stronger than the others. (I actually got this from Heinlein's "Podkayne of Mars" when I read it in 1964. Maybe remembering that detail is part of the reason I don't have trouble with my 14 changing passwords (see #1, above). Putting a lock on a container may actually represent misplaced effort and misused materials; it might actually be better to put your valuables somewhere other than behind what amounts to a sign that says, ???valuable stuff stored here.??? (This I get from the yard signs that try to say, "Acme Security on Duty - Trespassers will be confronted by Wiley Coyote," but really say, "We have stuff we don't want stolen, so we've entrusted our security to a call center in Texas which may or may not call local police, who may or may not respond." Just saying...)
-Question #1: If there are y^x possible letter/number/symbol combinations that provide the list of possible passwords someone might have used, and the right one is tried first, that sure wouldn't take 1,000 years, would it? So - what am I missing?
-Question #2: Even given the resistance that might come from the distaste some people have for biometrics (I'm one of them, but that's another matter), wouldn't an easy-to-remember password in combination with some biometric parameter(s) just about take care of the whole matter? Feel free to include the usual "yeah, but..." and "what about..." qualifiers.
I thank you, and Leslie thanks you.
Keep Up with TechRepublic