Posted on September 23, 2011 by

Password Insecurity Quickfix

I just happened upon this brute force calculator and it amazes me how just one word, “Password”, has kept security back soooo many years. Our “passwords” require numbers and symbols and can’t be based on dictionary words and have to be changed and all of this nonsense. It has obviously made people use the same password, or 3 passwords, over and over again, reducing their value immensely.

According to my bank’s ruleset, a great password would be “l5%jZ*1x(7)”. But that’s impossible to remember, it encourages reuse, and I would have to write it down somewhere.

According to GRC, it would take trillions of centuries longer to crack “My saving’s account passphrase.”. I don’t have to write this down. It discourages reuse. But it doesn’t have a number in it! My bank won’t stand for that! GoDaddy doesn’t even allow spaces!

This is all because of the word “Password”. The language forces you to think of some crafty mystical word to keep your valuables secure. PGP has used the word “passphrase” for as long as I can remember. Just that language increases security by hundreds of trillions of centuries (according to GRC’s brute force). What if we stop requiring all sorts of ridiculous symbols and numbers, and we require a grammatically correct sentence? What about a sentence with at least three words?
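To put numbers on the comparison above, here is an added example (my code, not the post's and not GRC's): a Haystack-style exhaustive-search estimate for the two strings from the post, plus two constructed policy checks, a bank-style rule (digit, symbol, no spaces) and the three-word rule proposed here. The guess rate of 1e11 per second and the exact bank rule are assumptions for illustration. One caveat a practitioner should keep in mind: this models only an attacker who tries every string, which is what the GRC calculator measures; a dictionary or combinator attack on a sentence of common words has far fewer candidates than this count, so the passphrase's real margin is smaller than the raw search space suggests, though still large if the words are not a stock phrase.

```python
import string

# Assumed attacker speed for the time estimate (illustrative, not from the post):
# 1e11 guesses per second, roughly a large offline GPU cracking rig.
GUESSES_PER_SECOND = 1e11
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Constructed inputs: the two example strings quoted in the post.
BANK_PASSWORD = "l5%jZ*1x(7)"
PASSPHRASE = "My saving's account passphrase."


def alphabet_size(secret: str) -> int:
    """Size of the character set an exhaustive search must cover.

    Like the GRC Haystack page, the alphabet is the union of the classes
    actually present: lowercase (26), uppercase (26), digits (10) and
    symbols (32 ASCII punctuation characters plus space = 33).
    """
    size = 0
    if any(c.islower() for c in secret):
        size += 26
    if any(c.isupper() for c in secret):
        size += 26
    if any(c.isdigit() for c in secret):
        size += 10
    if any(c in string.punctuation or c == " " for c in secret):
        size += 33
    return size


def search_space(secret: str) -> int:
    """Candidates an exhaustive search tries before it is guaranteed to finish:
    every string of length 1..len(secret) over the detected alphabet."""
    a = alphabet_size(secret)
    return sum(a ** n for n in range(1, len(secret) + 1))


def centuries_to_exhaust(secret: str) -> float:
    """Worst-case time to exhaust the search space at the assumed guess rate."""
    return search_space(secret) / GUESSES_PER_SECOND / SECONDS_PER_CENTURY


def bank_style_ok(secret: str) -> bool:
    """A stand-in for the kind of rule the post complains about (assumed, not
    any real bank's policy): at least 8 characters, a digit, a symbol, no spaces."""
    return (
        len(secret) >= 8
        and any(c.isdigit() for c in secret)
        and any(c in string.punctuation for c in secret)
        and " " not in secret
    )


def sentence_ok(secret: str, min_words: int = 3) -> bool:
    """The rule proposed in the post: a sentence of at least three words."""
    return len(secret.split()) >= min_words


def compare(a: str, b: str) -> float:
    """How many times larger the exhaustive search space of b is than that of a."""
    return search_space(b) / search_space(a)


if __name__ == "__main__":
    for label, secret in (("bank-style", BANK_PASSWORD), ("passphrase", PASSPHRASE)):
        print(f"{label:11} len={len(secret):2} alphabet={alphabet_size(secret):2} "
              f"space={search_space(secret):.3e} centuries={centuries_to_exhaust(secret):.3e} "
              f"bank_ok={bank_style_ok(secret)} sentence_ok={sentence_ok(secret)}")
    print(f"passphrase search space is {compare(BANK_PASSWORD, PASSPHRASE):.1e}x larger")
```

The interesting line in the output is the policy column: the bank-style rule accepts the 11-character string and rejects the 31-character sentence (no digit, contains spaces), even though the sentence has a search space roughly 1e38 times larger under the same exhaustive-search model.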