Esperanto for the win then, passwords-wise. Although, I would doubt my north-eastern accent, if translated literally, would be just as far-out
On 15 March 2012 14:12, Kurt Buff <[email protected]> wrote: > > http://arstechnica.com/business/news/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices.ars > > By Dan Goodin > Ars Technica > March 14, 2012 > > Passwords that contain multiple words aren't as resistant as some > researchers expected to certain types of cracking attacks, mainly > because users frequently pick phrases that occur regularly in everyday > speech, a recently published paper concludes. > > Security managers have long regarded passphrases as an > easy-to-remember way to pack dozens of characters into the string that > must be entered to access online accounts or to unlock private > encryption keys. The more characters, the thinking goes, the harder it > is for attackers to guess or otherwise crack the code, since there are > orders of magnitude more possible combinations. > > But a pair of computer scientists from Cambridge University has found > that a significant percentage of passphrases used in a real-world > scenario were easy to guess. Using a dictionary containing 20,656 > phrases of movie titles, sports team names, and other proper nouns, > they were able to find about 8,000 passphrases chosen by users of > Amazon's now-defunct PayPhrase system. That's an estimated 1.13 > percent of the available accounts. The promise of passphrases' > increased entropy, it seems, was undone by many users' tendency to > pick phrases that are staples of the everyday lexicon. > > "Our results suggest that users aren't able to choose phrases made of > completely random words, but are influenced by the probability of a > phrase occurring in natural language," researchers Joseph Bonneau and > Ekaterina Shutova wrote in the paper (PDF), which is titled > "Linguistic properties of multi-word passphrases." "Examining the > surprisingly weak distribution of phrases in natural language, we can > conclude that even 4-word phrases probably provide less than 30 bits > of security which is insufficient against offline attack," the paper > says. > > [...] > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > -- http://appsensebigot.blogspot.com IMPORTANT INFORMATION/DISCLAIMER I certainly don't have time to monitor the content of e-mail sent and received via this account for the purposes of ensuring compliance with anyone's policies and procedures. I am pretty sure that somewhere in UK legislation there is some politically-correct drivel that stipulates I must never send or store e-mails or attachments that are obscene, indecent, sexist, racist, defamatory, abusive, in breach of copyright, encrypted, amusing, overly long, slightly opinionated, anonymous, likely to harm animals or hurt the feelings of an as-yet-unspecified or as-yet-nonexistent minority (such as extraterrestrial eggplants). Emails of this nature sent in or out of this account may be intercepted and stopped by the system, but it's a long shot. This being the UK, even if I was prosecuted for breach of said email guidelines, I'd probably walk with a suspended sentence anyway, but if I'd forgotten to pay my car insurance, I'd most certainly be hung, drawn and quartered. I am not responsible for any changes made to the message after it has been sent, in more or less the same way that cyclozine manufacturers aren't responsible for drug addicts mixing it with methadone and overdosing, so I'm glad I cleared the confusion up there nice and early. Where opinions are expressed, they are not necessarily mine. However, I don't make a habit of expressing other people's opinions for them, so you shouldn't take that statement as an indication that I am in the business of providing an opinion-expressing service. In the event that I did, this discourse would provide no guarantee that I would do it anyway, but I don't, so I won't. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended addressee, or the person responsible for delivering it to them, aside from the fact that you've clearly got some level of unauthorised access to their account or are at least engaged in some sort of fraud, I'm obliged to tell you that may not copy, forward disclose or otherwise use it or any part of it in any way. To do so may be unlawful, and as you're already breaking the law, I am sure that bombshell makes you quake in your boots and turn yourself over to law enforcement immediately. If you receive this e-mail by mistake, please advise the sender immediately. That would be me, and as I am clearly prone to sending emails to completely the wrong person, I should instantly be stripped of my status as a technical consultant and sent to do something more becoming of my stupidity, such as appearing on Big Brother, the X Factor or "insert country name here"'s Got Talent. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
