Saturday, April 28, 2012
Creating a Safe Password
We have all come up with our own little devices for remembering all of these tiny devils. From setting them to something that is simple & obvious to remember (& guess), to making all of them the same, to adding trickery by swapping out the 'e's with '3's & ending all of them with a '1' or an '!', each approach has its good points & bad points. Above all this, there is one thing all of us understand, namely, that the passwords that protect our most valuable stuff must be complicated & confusing in order to be secure. Right? Wrong. Although unintentionally misguided, this idea of passwords having to be "complex" in order to be secure has its roots in something called password entropy.
First, a tiny dip in to the theoretical side of the pool... Password entropy is the way in which technical geek-types measure how secure a password is. In a nutshell, entropy states that there's a finite number of guesses you can make for each character in a password before you get that particular character right. To increase a password's entropy (or security), you increase the number of potential characters that each individual character can be. This means that the bad guys have more guesses to make per character, & that your password is more secure. Confused? Let's break this down in to something a bit more tangible. Let's analyze a PIN number from an entropy standpoint. A typical PIN number has digits, each numbered from 0 to 9. In entropy-speak, this means that in 10 guesses or less, a password cracker will absolutely get the correct digit for each individual digit in the PIN number.
Without going in to the math, each symbol in a 10-symbol-based password has an entropy of 3.3219. That is not excellent. So how do you make this PIN number more secure? One option, which is the most-utilized option, is to increase the number of possible symbols each character can be. In our PIN number, by adding the letters A through Z (without case-sensitivity) in to the mix, an additional 26 possible guesses must be made in addition to our original ten. In entropy, our newly-upgraded PIN has an entropy of 5.1699. Very full bits better than our original. If we then add case-sensitivity, spaces, & all the special characters we have on our keyboards (like '!', '@', etc..) we can push entropy up to 6.5699.
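
The per-symbol figures above, worked as an added example (not code from the original post): it sizes the symbol pool from the character classes a password uses and takes log2 of that pool for each character, which also covers mixes of classes beyond the three cases in the text. The class-by-class pool sizing, the function names and the sample passwords are assumptions made here, and the result is an upper bound that only holds when every character is picked uniformly at random.

```python
import math
import string

# Character classes and their sizes: 10 + 26 + 26 + 33 = 95 keyboard symbols.
CLASSES = {
    "digits": set(string.digits),
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "symbols": set(string.punctuation) | {" "},
}
ALL_SYMBOLS = set().union(*CLASSES.values())


def pool_size(password):
    """Number of symbols an attacker must consider per character."""
    if not password:
        raise ValueError("empty password has no symbol pool")
    chars = set(password)
    unknown = chars - ALL_SYMBOLS
    if unknown:
        raise ValueError(f"characters outside the modelled pool: {sorted(unknown)}")
    # Every class that appears at least once contributes all of its symbols.
    return sum(len(members) for members in CLASSES.values() if chars & members)


def entropy_bits(password):
    """Return (bits per symbol, total bits), assuming uniformly random characters."""
    per_symbol = math.log2(pool_size(password))
    return per_symbol, per_symbol * len(password)


def worst_case_guesses(password):
    """Size of the search space an exhaustive guesser has to cover."""
    return pool_size(password) ** len(password)


if __name__ == "__main__":
    # Constructed sample passwords, one per step of the article's ladder.
    for sample in ("4821", "A7K2", "aZ 9!"):
        per_symbol, total = entropy_bits(sample)
        print(f"{sample!r}: pool={pool_size(sample)} "
              f"bits/symbol={per_symbol:.4f} total={total:.2f} "
              f"guesses<={worst_case_guesses(sample)}")
```
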