A better way to think about passwords
Ingo Klöcker
kloecker at kde.org
Mon Apr 18 21:45:07 CEST 2011
On Monday 18 April 2011, Robert J. Hansen wrote:
> On 4/18/2011 1:02 PM, Mark H. Wood wrote:
> > Oh, sure -- I do that too. But the CC memorization problem seems a
> > lot easier. First, it's all digits, not a typical Base64 mishmash.
>
> YMMV, but to me a glyph is a glyph is a glyph.
>
> > Second, it's not a 23-digit number; it's a 16-digit number, a date,
> > and a 3-digit number.
>
> The date is usually encoded as four digits. On mine, for instance,
> it reads 0112.

Yes, it's four digits. But it's also a month (there are only 12) and a
year (which most likely is less than a few years later than today).
Therefore comparing four digits representing a date with a random group
of four digits without apparent meaning is a bit weird. Also, I'd
remember the date as January 2012 and not as Oh-One-One-Two.

> A 16-digit number, a four-digit number and a
> three-digit number turns into a 23-digit number. I personally chunk
> it into five groups of four and one group of three.
>
> > OTOH if there are any useful groupings in
> > "c2l4IHdvcmRzIGxvbmcuCg=="
>
> c2l4 IHdv cmRz IGxv bmcu Cg==, as six chunks of four, took me about
> fifteen minutes spread out over ninety minutes to memorize. However,
> it is not beyond the realm of possibility that I am a freak of
> nature. :)

No. You are actually slow. :-p

There are techniques which allow people trained in those techniques to
remember such a string of characters in a much shorter time, e.g. you
could "invent" a story with 22 words starting with the 22 characters.

As you wrote in another message: This doesn't come for free. One has to
train this.

FWIW, I have a fairly complicated, totally random 20-character passphrase
(letters, digits, symbols) which I memorized pretty quickly after
using it for a few days, having to type it each time I start my computer.
(I memorized it without using any of those techniques I referred to
above.) Then again, I can't really tell you this passphrase. I can type
it (with all 10 fingers) but I couldn't tell it to you without
simulating typing it. Maybe I'm a freak of nature. :-)

Or maybe that's just how 10-finger-typing works.

Regards,
Ingo
More information about the Gnupg-users mailing list