Just what are you trying to protect?
Written at Phoenix Sky Harbor Airport and dispatched to silicon.com from the BA lounge via a free wi-fi service
Can you imagine what a password of the following form might be used to protect: '2c93b8819ca8c7d23dbeb628a8'? It is the 26-character password for wi-fi access at a really small (and I mean small) hotel in the UK.
Similarly 'k5f4epxxvypt4gq2' (16 characters!) is the wi-fi password at a modest conference centre in the EU.
Both of these passwords required a payment in excess of $15 per day and delivered the usual ADSL dribble. Not what I call good value for money - a very high price for a really second-rate service.
In contrast, at my hotel in Phoenix, and here at the airport, there is free broadband access well over 10 times faster than the UK/EU rate. What is more, the access process was straightforward and convenient. No phone call or hike down to the reception desk to collect a token and pay the bill. And more importantly, no time wasted trying to type in a long and incomprehensible string of meaningless characters.
Typing in something of the form 2c93b8819ca8c7d23dbeb628a8 usually means making at least a couple of errors, and the whole process seems way over the top for any application. What are these people trying to protect?
Now for another observation. The password and PIN for my bank account involve a total of 11 characters, and the door access codes of many company offices I visit use only four- or five-character key codes.
From all of this I have deduced two things:
- A new theory of passwords for the real world that seems close to reality: The length of any password is inversely related to the value of the assets being protected, and as a consequence, the inconvenience of access is similarly related.
- The access code to the main vault at The Bank of England is probably only two characters, which may well be written on a Post-It and visible to all on a notice board close by.