Security Corner

Jun 4 2011   3:00PM GMT

The New Password Paradigm – Part 1



Posted by: Ken Harthun
Tags:
GRC.com
Password Paradigm
passwords
Security
Security best practice
Steve Gibson

Break out your pet’s name, your children’s names, your spouse’s name or any other easy-to-remember words or phrases that I–and every other security wonk–have been telling you never to use. Apparently, we’ve been giving you some information that isn’t as valid as we thought. In fact, depending on how you look at it, we may have been completely wrong with some of the things we insisted you do or don’t do. Don’t misunderstand: what we told you worked, and the information would have resulted in greater security; it was just too darned complex. Because of that, many people just didn’t make the extra effort.

There has been a sea change in the password paradigm, thanks to Steve Gibson of GRC.com, who uses the needle-in-the-haystack analogy for passwords. It is an approach that results in even greater security while letting you create easily-remembered passwords. Gone are the days when you had to use cryptic and impossible-to-remember passwords like PrXyc.N(n4k77#L!eVdAfp9. Steve gives an elegant explanation, including an excerpt from the June 1st Security Now! podcast, on his Password Haystacks page. The site also has what he calls a “Search Space Calculator” that will give you some real insight into what the hackers are up against.

The new password paradigm is to invent your own personal padding policy. “What the heck is that,” you say? It’s extremely simple: 1. Invent a pattern of characters that you will easily remember; 2. Pad your memorable words, phrases, dates, etc. with that pattern. The easiest way is to put the pattern before and after your chosen phrase, but you can do it any way you like as long as it is memorable for you. The beauty of this system is that you can even use any of the Top 500 Worst Passwords of All Time as long as you pad them. You can use any dictionary word, name, date, phrase–whatever you wish–and you’ll be OK.

I’ll expand on this concept in Part 2.
