{"id":26673,"date":"2012-03-29T10:25:47","date_gmt":"2012-03-29T15:25:47","guid":{"rendered":"http:\/\/www.patheos.com\/blogs\/jesuscreed\/?p=26673"},"modified":"2012-03-26T07:27:46","modified_gmt":"2012-03-26T12:27:46","slug":"password-suggestions","status":"publish","type":"post","link":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/","title":{"rendered":"Password Suggestions"},"content":{"rendered":"\n<\/head>

From Online Security<\/a><\/strong> at The Economist:<\/p>\n

TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one even to do humdrum things like turning on your computer, downloading an album or buying a book online. No wonder many people use a single, simple password for everything.<\/p>\n

Analysis of password databases, often stolen from websites (something that happens with disturbing frequency), shows that the most common choices include \u201cpassword\u201d, \u201c123456\u201d and \u201cabc123\u201d. But using these, or any word that appears in a dictionary, is insecure. Even changing some letters to numbers (\u201ce\u201d to \u201c3\u201d, \u201ci\u201d to \u201c1\u201d and so forth) does little to reduce the vulnerability of such passwords to an automated \u201cdictionary attack\u201d, because these substitutions are so common. The fundamental problem is that secure passwords tend to be hard to remember, and memorable passwords tend to be insecure.<\/p>\n

The solution, say security researchers, is to upgrade the software in people\u2019s heads, by teaching them to choose more secure passwords (see\u00a0article<\/a>). One approach is to use passphrases containing unrelated words, such as\u00a0\u201ccorrect horse battery staple\u201d<\/a>, linked by a mental image. Passphrases are, on average, several orders of magnitude harder to crack than passwords. But a new study by researchers at the University of Cambridge finds that people tend to choose phrases made up not of unrelated words but of words that already occur together, such as \u201cdead poets society\u201d. Such phrases are vulnerable to a dictionary attack based on common phrases taken from the internet. And many systems limit the length of passwords, making a long phrase impractical.<\/p>\n

An update is ready for installation<\/strong><\/p>\n

An alternative approach, championed by Bruce Schneier, a security guru, is to turn a sentence into a password, taking the first letter of each word and substituting numbers and punctuation marks where possible. \u201cToo much food and wine will make you sick\u201d thus becomes \u201c2mf&wwmUs\u201d. This is no panacea: the danger with this \u201cmnemonic password\u201d approach is that people will use a proverb, or a line from a film or a song, as the starting point, which makes it vulnerable to attack. The ideal sentence is one like Mr Schneier\u2019s that (until the publication of this article, at least) has no matches in Google.<\/p>\n

\u00a0<\/p><\/blockquote>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"

From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one even to do humdrum things like turning on your computer, downloading an album or buying a book online. No wonder many people use a single, simple password for everything. […]<\/p>\n","protected":false},"author":197,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-26673","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\nPassword Suggestions<\/title>\n<meta name=\"description\" content=\"From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Password Suggestions\" \/>\n<meta property=\"og:description\" content=\"From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/\" \/>\n<meta property=\"og:site_name\" content=\"Jesus Creed\" \/>\n<meta property=\"article:published_time\" content=\"2012-03-29T15:25:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-03-26T12:27:46+00:00\" \/>\n<meta name=\"author\" content=\"Scot McKnight\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Scot McKnight\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/\",\"url\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/\",\"name\":\"Password Suggestions\",\"isPartOf\":{\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#website\"},\"datePublished\":\"2012-03-29T15:25:47+00:00\",\"dateModified\":\"2012-03-26T12:27:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#\/schema\/person\/5919e847c58ffe6efb5899fb61797252\"},\"description\":\"From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one\",\"breadcrumb\":{\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Password Suggestions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#website\",\"url\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/\",\"name\":\"Jesus Creed\",\"description\":\"Scot McKnight on Jesus and orthodox faith in the 21st century\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#\/schema\/person\/5919e847c58ffe6efb5899fb61797252\",\"name\":\"Scot McKnight\",\"description\":\"Scot McKnight is a recognized authority on the New Testament, early Christianity, and the historical Jesus. McKnight, author of more than fifty books, is the Professor of New Testament at Northern Seminary in Lombard, IL.\",\"url\":\"https:\/\/www.patheos.com\/blogs\/jesuscreed\/author\/scotmcknight\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Password Suggestions","description":"From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/","og_locale":"en_US","og_type":"article","og_title":"Password Suggestions","og_description":"From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one","og_url":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/","og_site_name":"Jesus Creed","article_published_time":"2012-03-29T15:25:47+00:00","article_modified_time":"2012-03-26T12:27:46+00:00","author":"Scot McKnight","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Scot McKnight","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/","url":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/","name":"Password Suggestions","isPartOf":{"@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#website"},"datePublished":"2012-03-29T15:25:47+00:00","dateModified":"2012-03-26T12:27:46+00:00","author":{"@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#\/schema\/person\/5919e847c58ffe6efb5899fb61797252"},"description":"From Online Security at The Economist: TWO decades ago only spies and systems administrators had to worry about passwords. But today you have to enter one","breadcrumb":{"@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/2012\/03\/29\/password-suggestions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/"},{"@type":"ListItem","position":2,"name":"Password Suggestions"}]},{"@type":"WebSite","@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#website","url":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/","name":"Jesus Creed","description":"Scot McKnight on Jesus and orthodox faith in the 21st century","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/#\/schema\/person\/5919e847c58ffe6efb5899fb61797252","name":"Scot McKnight","description":"Scot McKnight is a recognized authority on the New Testament, early Christianity, and the historical Jesus. McKnight, author of more than fifty books, is the Professor of New Testament at Northern Seminary in Lombard, IL.","url":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/author\/scotmcknight\/"}]}},"_links":{"self":[{"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/posts\/26673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/users\/197"}],"replies":[{"embeddable":true,"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/comments?post=26673"}],"version-history":[{"count":0,"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/posts\/26673\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/media?parent=26673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/categories?post=26673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.patheos.com\/blogs\/jesuscreed\/wp-json\/wp\/v2\/tags?post=26673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}