Passwords have become unwieldy, with rules that demand numbers, letters, and a plethora of other requirements that seem impossible to meet. In an article for MIT Technology Review, Tom Simonite explains why the current advice about what constitutes a safe password is actually misleading.
Building a More Robust Password
In a recent study that applied advanced password-guessing techniques, researchers found that requiring uppercase letters and numbers does almost nothing to make a password harder to guess. What does make a password stronger is making it longer and using symbols.
Matteo Dell’Amico and Maurizio Filippone presented a paper at the ACM Computer and Communications Security conference in which they discussed their recommendations for better password selection. When a system gives feedback about the strength of a password, it is programmed to analyze the mixture of cases, symbols, and numbers. This “guessing” at strength is no match for the latest and greatest software on the market. That software is trained on leaked lists of millions of passwords so that it can guess new passwords or find patterns. It can recover passwords that were not properly encrypted, and it can keep guessing indefinitely on devices that do not restrict guesses.
The pair devised their own way to measure the strength of a password:
They trained attack software, used it to generate lists of passwords, and invented a way to use those to assign a kind of “guessability” score to any given password. They used 10 million leaked passwords to train several kinds of attack software and tested their guessability method on another 32 million passwords.
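To make the contrast between a composition-based meter and a trained guessability score concrete, here is an added example (not the researchers' software, and not code from the original article). It assumes a simple character-bigram model as a stand-in for the trained attack software, and its training list is a small constructed sample, not real leak data.

```python
import math
from collections import Counter, defaultdict

# Constructed stand-in for a leaked-password training list (not real leak data).
TRAINING = ["password", "password1", "Password1", "123456", "qwerty", "letmein",
            "iloveyou", "monkey12", "dragon", "sunshine1", "Welcome1", "abc123"]
START, END = "\x02", "\x03"  # markers for beginning and end of a password

def train(passwords):
    """Count character bigrams, including the start and end markers."""
    counts = defaultdict(Counter)
    for pw in passwords:
        chars = [START] + list(pw) + [END]
        for prev, cur in zip(chars, chars[1:]):
            counts[prev][cur] += 1
    return counts

def guess_bits(model, pw, alphabet=96):
    """Return -log2 of the model's probability for pw (add-one smoothing
    over 95 printable ASCII characters plus END). A lower value means a
    guesser trained on similar data reaches the password sooner."""
    bits = 0.0
    chars = [START] + list(pw) + [END]
    for prev, cur in zip(chars, chars[1:]):
        seen = model.get(prev, Counter())
        p = (seen[cur] + 1) / (sum(seen.values()) + alphabet)
        bits -= math.log2(p)
    return bits

def class_meter(pw):
    """Composition-style meter: one point per character class present."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

MODEL = train(TRAINING)

if __name__ == "__main__":
    # Same class score for the first two, very different guessability.
    for pw in ["Password1", "Zq7vTx4Kb", "purple otter drinks tea"]:
        print(f"{pw!r}: classes={class_meter(pw)} "
              f"bits={guess_bits(MODEL, pw):.1f}")
```

The class meter scores "Password1" and a random nine-character string identically, and scores the long lowercase phrase lowest, while the trained model ranks "Password1" as by far the easiest of the three to guess.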
The next time you are attempting to devise a super-secret password, keep in mind to make it longer by adding an extra word or two. Passwords are slowly evolving from secret words to entire sentences. Soon enough, they could lose their usefulness.
You can read the original article here: http://www.technologyreview.com/news/542576/youve-been-misled-about-what-makes-a-good-password/