Slashdot Mirror


Password Memorability and Securability

NonNullSet writes "Who would have thought that something new could be said about how best to select passwords? Ross Anderson of Cambridge University and some of his colleagues have performed new empirical studies and found some pretty non-intuitive results. For example:

1. The first folk belief is that users have difficulty remembering random passwords. This belief is confirmed.

2. The second folk belief is that passwords based on mnemonic phrases are harder for an attacker to guess than naively selected passwords. This belief is confirmed.

3. The third folk belief is that random passwords are better than those based on mnemonic phrases. However, each appeared to be just as strong as the other. So this belief is debunked.

4. The fourth folk belief is that passwords based on mnemonic phrases are harder to remember than naively selected passwords. However, each appeared to be just as easy to remember as the other. So this belief is debunked.

5. The fifth folk belief is that by educating users to use random passwords or mnemonic passwords, we can gain a significant improvement in security. However, both random passwords and mnemonic passwords suffered from a non-compliance rate of about 10% (including both too-short passwords and passwords not chosen according to the instructions). While this is better than the 35% or so of users who choose bad passwords with only cursory instruction, it is not really a huge improvement. The attacker may have to work three times harder, but in the absence of password policy enforcement mechanisms there seems no way to make the attacker work a thousand times harder. In fact, our experimental group may be about the most compliant a systems administrator can expect to get. So this belief appears to be debunked."

4 of 436 comments

  1. Mnemonic passwords.... by Anonymous Coward · · Score: -1, Offtopic

    http://www.hot4download.com/utilities/Mnemonic_Passwords_20.htm

    Downloads : 2
    Publisher : Click this to go
    Date added : 09/30/2002
    File Size : 402K
    License : Free to try, $20 to buy
    Requirements : Windows (all)

    Publisher's Description
    From the developer: "Mnemonic Passwords allows you to create -Safe- -Strong- passwords without having to commit them to memory. Mnemonic Passwords takes a phrase or set of easy to remember information and produces a password. Passwords can be customized, Passwords are individualized by computer, Gives an estimate of the strength of the password in seconds, minutes, days, years. Yet is easy to use: Run, Enter a Challenge Phrase, Click 'Generate' and you're done, there's the password."

  2. mynuts won: most memorabull score? by Anonymous Coward · · Score: -1, Offtopic

    user name: eyecon0meter

    pword: pateNTdead

    real creators suggest using newclear power vs. (Score:mynuts won, pairannoyed)
    by Anonymous Coward on Monday May 24, @09:39AM (#9237105)
    unprecedented evile, whilst participating in the increasingly popular planet/population rescue initiative.

    no contest. this stuff is unbreakable, & wwworks on several (more than 3) dimensions.

    it's probably just a suggestion.

    consult with/trust in yOUR creators.... with power to spare.

    eye gas va lairIE/robbIE's pateNTdead corepirate nazi sponsored PostBlock(bm) devise, is STILL not working?

    Due to excessive bad posting from this IP or Subnet, anonymous comment posting has temporarily (forever, if we had some ept) been disabled. You can still login to post. However, if bad posting continues from your IP or Subnet that privilege could be revoked as well. If it's you, consider this a chance to sit in the timeout corner or login and improve your posting . If it's someone else, this is a chance to hunt them down (like with fuddles' phonIE bouNTy hunter scam). If you think this is unfair, we just don't care.

  3. Re:Obligatory, Smart-ass-reply by soloport · · Score: 0, Offtopic

    Made me chuckle...

  4. Pavlov? by Allen+Zadr · · Score: 0, Offtopic

    Damn, all of a sudden, I'm hungry. Must be lunch-time.

    --
    Kinetic stupidity has a new brand leader: Allen Zadr.