Saturday, April 28, 2012

Creating a Safe Password

     Love it or hate it, technology has become a large part of our everyday lives. From the office to our homes, and everything in between, we are surrounded by devices, gizmos, and doodads that are all designed to "help" us and make our lives "easier". While we could go on and on about whether or not all this technology actually does this, the point of this editorial is about something decidedly more annoying, and more specific: passwords. Yes, those terribly annoying little (or long) things that we use to secure all of our personal "stuff" from nefariously-minded co-workers, bosses, spouses, friends, children, etc. The number of passwords that we must keep track of day-to-day can be staggering! From the ones that we use on a regular basis and are, as such, easy to remember, to the "wait-that-has-a-password?-I-can't-remember-what-I-set-it-to-the-last-time-I-logged-in-ten-years-ago" beasts that put a major speed bump in our lives at the wrong time.

     We have all come up with our little tricks for remembering all of these little devils. From setting them to something that is simple and obvious to remember (and to guess), to making all of them the same, to adding trickery by swapping out the 'e's for '3's and ending all of them with a '1' or an '!', all of them have their good points and bad points. Above all this, there is one thing all of us understand, namely, that the passwords that protect our most valuable stuff must be complicated and confusing in order to be secure. Right? Wrong. Although unintentionally misguided, this idea of passwords having to be "complex" in order to be secure has its roots in something called password entropy.

     First, a little dip into the theoretical side of the pool... Password entropy is the way in which technical geek-types measure how secure a password is. In a nutshell, entropy states that there is a finite number of guesses you can make for each character in a password before you get that particular character right. To increase a password's entropy (or security), you increase the number of potential characters that each individual character can be. This means that the bad guys have more guesses to make per character, and that your password is more secure. Confused? Let's break this down into something a bit more tangible. Let's analyze a PIN from an entropy standpoint. A typical PIN is made up of digits, each numbered from 0 to 9. In entropy-speak, this means that in 10 guesses or less, a password cracker will absolutely get the correct value for each individual digit in the PIN.

     Without going into the math, each symbol in a 10-symbol-based password has an entropy of 3.3219 bits. That is not great. So how do you make this PIN more secure? One option, which is the most-utilized option, is to increase the number of feasible symbols each character can be. In our PIN, by adding the letters A through Z (without case-sensitivity) into the mix, an additional 26 feasible guesses must be made in addition to our original ten. In entropy terms, our newly-upgraded PIN has an entropy of 5.1699 bits per symbol. Almost two full bits better than our original. If we then add case-sensitivity, spaces, and all the special characters we have on our keyboards (like '!', '@', etc.) we can push entropy up to 6.5699 bits per symbol.
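As an added example (this is not code from the original post), here is a small Python script that does the math the post skips: the entropy of one symbol drawn from an alphabet of N equally likely symbols is log2(N), which is where the 3.3219, 5.1699 and 6.5699 figures above come from for alphabets of 10, 36 and 95 symbols. It goes a bit beyond the post by also estimating whole-password entropy (length times the per-symbol figure) and the average number of guesses that implies. The class-based alphabet_size() helper, the 95-character printable ASCII alphabet, and the sample passwords are my own assumptions rather than anything the post defines.

```python
import math
import string

# Character classes and their sizes. Digits alone give the post's 10-symbol alphabet,
# digits plus (case-insensitive) letters give 36, and all classes together give 95:
# 10 digits + 26 lowercase + 26 uppercase + 1 space + 32 punctuation marks (printable ASCII).
# This table is an assumption of the example, not something the post defines.
CHARACTER_CLASSES = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "space": " ",
    "punctuation": string.punctuation,
}


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy of one symbol chosen uniformly from an alphabet of the given size: log2(N)."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    return math.log2(alphabet_size)


def alphabet_size(password: str) -> int:
    """Size of the class-based alphabet that covers every character in the password.

    Only digits -> 10, digits plus lowercase letters -> 36, every class present -> 95.
    This is the keyspace view from the post: it credits a password for the character
    classes it contains, not for whether a cracker would guess it as a word or pattern.
    """
    unknown = [c for c in password
               if not any(c in chars for chars in CHARACTER_CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {unknown!r}")
    return sum(len(chars) for chars in CHARACTER_CLASSES.values()
               if any(c in chars for c in password))


def password_entropy_bits(password: str) -> float:
    """Whole-password entropy under the uniform-keyspace model: length * log2(alphabet size)."""
    return len(password) * bits_per_symbol(alphabet_size(password))


def expected_guesses(bits: float) -> float:
    """Average guesses needed to hit a uniformly random secret of this many bits: 2^bits / 2."""
    return 2 ** bits / 2


if __name__ == "__main__":
    # Constructed sample passwords, chosen only to exercise the 10 / 36 / 95 alphabets.
    for sample in ["1234", "1a2b", "Ab 1!", "Tr0ub4dor&3"]:
        size = alphabet_size(sample)
        bits = password_entropy_bits(sample)
        print(f"{sample!r:16} alphabet={size:3d} "
              f"bits/symbol={bits_per_symbol(size):.4f} "
              f"total={bits:.2f} bits  avg guesses={expected_guesses(bits):.3g}")
```

Run it as a script to print a table for the constructed samples. The caveat worth keeping in mind is the one the helper's docstring states: this model assumes every character was chosen uniformly at random, so it rates a dictionary word with a '3' swapped in at the same keyspace as a random string of the same classes, which is exactly the gap between "complex-looking" and actually hard to guess.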
