Everyone who has ever used passwords knows the rules that are supposed to make a personal password hard to guess. These information-security rules have become almost a de facto standard:
- The password must be a long word, more than 6 characters, preferably meaningless. Incidentally, the French "parole" translates as "word", and the English "password" is made up of two halves, the second of which, "word", also means "word".
- The password should use upper- and lowercase letters, numbers and special characters (like "!").
- The password must be changed every 90 days. As a result, nobody wants to memorize the password. You can remember this abracadabra for a few days, but it is pointless because you will soon have to change it to another abracadabra.
Drumming these simple and completely reasonable rules into the heads of careless users cost system administrators a lot of nerves. And when the rules were "hammered" into the algorithms that check a password for sufficient complexity, it was the users' turn to suffer. Long, meaningless words in which letters are interspersed with numbers: just try to remember them. "Who invented this absurdity?" the aunts from the personnel and accounting departments have probably sighed more than once.
The culprit behind all this disgrace is known: Bill Burr. In 2003, he headed the National Institute of Standards and Technology (NIST), which produced a special report that discussed the question of "correct" passwords for logging in to information systems. This report is the primary source of all user suffering.
But everything flows, everything changes. In August 2017, Bill Burr gave an interview to a serious business newspaper, The Wall Street Journal, in which he said that he would now give up some of the recommendations given 15 years ago.
Why? The point is that, as a rule, a password is cracked by a brute-force search of the possible variants on a very powerful computer. In that case, the length of the password is a more important protective factor than the variety of symbols that make it up. Moreover, the number of possible symbols is limited, while there are practically no restrictions on password length.
"So what?" the same aunt from the personnel department or from accounting will ask us. "A long password is hard to remember, too."
What do specialists now suggest to make long passwords easier to generate and to memorize?
They advise choosing 3 to 5 words at random from an ordinary dictionary and writing them down as one long word without spaces. As an improvement, it is recommended to separate the words with a special symbol (for example, "-" or "_") or to write each word with a capital letter.
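The scheme above, together with the earlier point about length versus symbol variety, as an added example that is not part of the original article: a generator that picks the words with a cryptographic random source, and a comparison of how many candidates an exhaustive search has to cover. The word list is a constructed sample, and the 7776-word list size used in the comparison is an assumption (the size of a typical dice-based word list).

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator should load
# a large list (thousands of words) so that each word adds more entropy.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "garden", "window",
                "copper", "planet", "river", "candle", "marble", "tunnel",
                "anchor", "button", "meadow", "pepper"]


def make_passphrase(words, count=4, sep="-", capitalize=False):
    """Pick `count` words uniformly at random with a CSPRNG and join them."""
    if not 3 <= count <= 5:
        raise ValueError("the text recommends 3 to 5 words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    chosen = [secrets.choice(words) for _ in range(count)]
    if capitalize:
        chosen = [w.capitalize() for w in chosen]
    return sep.join(chosen)


def keyspace_bits(pool_size, length):
    """log2 of the number of candidates an exhaustive search must cover."""
    return length * math.log2(pool_size)


def compare(list_size=7776):
    """Search-space sizes in bits for the cases discussed in the text."""
    return {
        # 8 characters drawn from the 94 printable ASCII symbols
        "8 chars, 94 symbols": keyspace_bits(94, 8),
        # 16 lowercase letters only: longer beats more varied
        "16 chars, 26 letters": keyspace_bits(26, 16),
        # someone who knows the scheme searches whole words, not characters,
        # so the strength comes from random choice and list size
        f"4 words, list of {list_size}": keyspace_bits(list_size, 4),
        f"5 words, list of {list_size}": keyspace_bits(list_size, 5),
    }


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS, 4))
    print(make_passphrase(SAMPLE_WORDS, 3, sep="", capitalize=True))
    for label, bits in compare().items():
        print(f"{label:28s} {bits:6.1f} bits")
```

With the 16-word sample list, four words give only 16 bits, which is why the size of the list and the randomness of the choice matter more than the visible length of the result.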
Any normal person can remember three words. This does not require grandiose efforts or cunning mnemonics. In The Wall Street Journal, the conversation with Bill Burr is illustrated by a small comic.
This comic strip shows that cracking the password "correct-horse-battery-staple", with a length of 27 characters, will take 550 years, while cracking the shorter password "Tr0ub4dor&3", composed according to all the rules recommended to us 15 years ago, will take only three days. The first password is easier to remember than the second one because it is made up of 4 easily remembered words. Easily remembered, that is, by those for whom English is native or familiar. But what about people who do not know it so well?
- Well, first, you can use online generators of long passwords. Type the above-mentioned "correct-horse-battery-staple" into a search engine and you will be taken to one of these generators.
- And second, for those who do not know English, coming up with a strong password is even simpler than for the British or Americans. You only need to use words from a language that you know well.
Those who use languages with traditionally long words have an advantage. They need to remember only one or two words. For example, a good candidate for a password is the German word "Ausweisnummer" ("ID number"), 13 letters. The actual ID number, or its close relative, will lengthen this lovely password by 8-9 digits. Perfect!
Those who are familiar with Dutch can choose the phrase "EenBakjeTroost" ("Checkcode") as a strong password, and those who are no strangers to Latvian can use the word "pretpulkstenraditajvirziens" ("Degtiarevskaya"). They say it is the longest word in the Latvian language. It is written incorrectly here, because some letters are peculiar to that language: characters that carry superscript and subscript marks are written without them. All the better, it will be harder for enemies to understand!
Those who use Cyrillic or other non-Latin scripts have even more room to work with. Most Cyrillic characters are transcribed directly in English letters. For those letters whose transcription is ambiguous ("C", "g", "s", "s", "y", Ukrainian ","), you should decide for yourself how to write them in English letters. One option could be to — do to pass on the letter distressed letters. "VashePrevoshoditelstvo" makes a good password, doesn't it? The word "bishenche-arty" is also well suited as a password; not everyone in Moscow knows it, but here in Kazan...
It seems that this way of securing your private information will appeal to many.
The longest word as the password is the best solution.
And yes, the password must be changed periodically. This old rule remains in force.
One way not to forget about it with a long password is to add a few digits or words: the date of the password change. For example: "SismaHazakaAd0119".
Entering that password several times a day, you will not forget that it should be changed in January 2019.