The way you pick a password is older than a B&W TV show

By David Allen - 21 Oct '15 09:45AM

Computer security is evolving, but not always in a helpful direction.

A joint study by an American and a French expert concludes that trying to make passwords more secure by putting in numbers and mixing CAPITAL and small letters doesn't even help.

Yes, some of your favorite websites make you do this. Quite possibly the IT Department at work makes you do this. But they're probably wrong.

Who are you going to believe? Your company's IT guy or highly experienced security researchers Matteo Dell'Amico of Symantec and Maurizio Filippone of Eurecom, the French research institute?

Up to you (and your dictatorial IT guy) but read the new study by Dell'Amico and Filippone and you'll get a different answer.

It sounds good when the IT guy says you should mix cases and insert a number or two because it increases the number of attempts that will be necessary to break your password by random guesswork. Agreed? Sounds good? Logical?

Forget it, say the two experts in a paper you can download and read for yourself if you are still skeptical.

Cut to the chase. Dell'Amico and Filippone: Password guessing by hackers and criminals is not random. They have evolved, and they and their computers use specialized password lists and non-random guessing software. Their software is actually awesome. For example, known and available hacking tools have sucked in, analyzed and listed 130 million passwords obtained when criminals broke into Adobe in 2013.

The best defense against password hacking, say the researchers, is to make your password longer. Start with an unusual password - not your dog's name or your birthday - and then add another unusual word, and then another.

Like most researchers today, Dell'Amico and Filippone believe that passwords themselves are rapidly becoming as outdated as a black and white TV show. In the meantime, mixing cases and inserting numbers isn't any help.
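The gap between the "random guesswork" count and what a list-driven guesser faces can be put in numbers. The sketch below is an added example, not code from the study: it is a simplified strength estimate in which the word list, the assumed dictionary size `VOCAB` and the case and digit variants are all assumptions chosen for illustration.

```python
import re

WORDS = {"password", "dragon", "velvet", "orbit", "cactus"}  # constructed sample list
VOCAB = 100_000       # assumption: size of a real guessing dictionary
CASE_FORMS = 3        # lower, Capitalized, UPPER
DIGIT_SUFFIXES = 111  # no suffix, one digit, or two digits (1 + 10 + 100)

def brute_force_guesses(pw):
    """Search space if every character were picked at random."""
    size = 0
    for pattern, count in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                           (r"[^a-zA-Z0-9]", 33)):
        if re.search(pattern, pw):
            size += count
    return size ** len(pw)

def split_words(s):
    """Split s into listed words; return None if it cannot be done."""
    if not s:
        return []
    for i in range(1, len(s) + 1):
        if s[:i] in WORDS:
            rest = split_words(s[i:])
            if rest is not None:
                return [s[:i]] + rest
    return None

def pattern_guesses(pw):
    """Candidate-set size for a list-driven guesser, or None if pw does not fit."""
    m = re.fullmatch(r"([A-Za-z]+)(\d{0,2})", pw)
    if not m:
        return None
    stem = m.group(1)
    if not (stem.islower() or stem.isupper() or stem.istitle()):
        return None
    words = split_words(stem.lower())
    if not words:
        return None
    return VOCAB ** len(words) * CASE_FORMS * DIGIT_SUFFIXES

def estimated_guesses(pw):
    """The cheaper of the two strategies decides the password's strength."""
    fitted = pattern_guesses(pw)
    brute = brute_force_guesses(pw)
    return brute if fitted is None else min(fitted, brute)

if __name__ == "__main__":
    for pw in ("Password1", "xK7qTz2m", "velvetorbitcactus"):
        print(f"{pw:20} random-guess space {brute_force_guesses(pw):.1e}  "
              f"estimated guesses {estimated_guesses(pw):.1e}")
```

Under these assumptions the mixed-case word with a digit sits in a candidate set of tens of millions, while three lowercase words strung together sit in one roughly ten billion times larger.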
