PCPlus 314: Choose the right password

This particular article sprung pretty much fully formed from an XKCD comic. It’s the one called “Password Strength” and talks about password entropy and about choosing a password by selecting four separate words at random. I’m sure my readers, sophisticated souls that they are, already know of it.

I decided to flesh out Randall Munroe’s comic by explaining what information entropy is and how it applies to passwords. I talk about the entropy of an ATM PIN (which is generally just four digits) and how it’s just not that great and that we rely on the bank shutting down the attempts rather than hoping the guesser gives up. Interestingly, just after I’d written the article but before it was published, someone did a wonderful analysis of what people choose for four-digit PINs and that it just isn’t that random. (For example: nearly 11% of four-digit passwords in the sample set were “1234” – really, people? – and 6% of them “1111”. Sigh.)

I also go over the absolute need for a password manager, one that can store your passwords securely (and that means using hard encryption) and that can generate hard high-entropy passwords for you at the drop of a hat. Failing that, I give a couple of ideas for generating passwords that would be fairly simple to remember but extremely hard to break.

Finally I end up with Munroe’s point: four random words selected from a dictionary of, say, 2000 have a very high entropy and will be hard to break, yet fairly easy to remember. It turns out that a fan of XKCD wrote a website that can do that for you: passphra.se. The biggest problem with this particular scheme is the number of websites and programs that don’t accept long passwords or passphrases. Nevertheless, despite the brilliance of this idea, you still have the same problem: memorizing a gazillion passwords for a gazillion sites. And we’re back to the password manager concept. (I use SplashID since it’s available on Windows, the Mac, and iOS and the database is shared among all of them.)
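As an added illustration (not code from the article or from this post), the sketch below puts numbers on the entropy comparison described above: an ideal four-digit PIN, a skewed PIN distribution using the 11% and 6% shares quoted earlier, and four words drawn from a 2000-word list. The even spread of the remaining PINs, the three-guess lockout and the placeholder word list are assumptions.

```python
import math
import secrets

def uniform_entropy_bits(choices, picks=1):
    """Entropy in bits of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)

def shannon_entropy_bits(probs):
    """Average surprise of one draw from a (possibly skewed) distribution."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Worst-case entropy: fixed by the single most likely value."""
    return -math.log2(max(probs))

def skewed_pin_distribution(top=(0.11, 0.06), space=10_000):
    """Constructed model: the two PIN shares quoted in the post, with the rest
    of the probability spread evenly (an assumption) over the other PINs."""
    rest = (1.0 - sum(top)) / (space - len(top))
    return list(top) + [rest] * (space - len(top))

def success_within(probs, guesses):
    """Share of accounts that fall within `guesses` tries, likeliest values first."""
    return sum(sorted(probs, reverse=True)[:guesses])

def make_passphrase(wordlist, words=4):
    """Pick words with the OS CSPRNG; repeats are allowed so picks stay independent."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# Constructed stand-in for a real 2000-word list (distinct placeholder tokens).
WORDLIST = [f"word{i:04d}" for i in range(2000)]

if __name__ == "__main__":
    pins = skewed_pin_distribution()
    lockout = 3  # assumed number of tries before the bank blocks the card
    print(f"ideal PIN:        {uniform_entropy_bits(10, 4):6.2f} bits")
    print(f"skewed PIN (avg): {shannon_entropy_bits(pins):6.2f} bits")
    print(f"skewed PIN (min): {min_entropy_bits(pins):6.2f} bits")
    print(f"four words:       {uniform_entropy_bits(len(WORDLIST), 4):6.2f} bits")
    print(f"hit rate in {lockout} tries, ideal PIN:  {lockout / 10_000:.4%}")
    print(f"hit rate in {lockout} tries, skewed PIN: {success_within(pins, lockout):.4%}")
    print("sample passphrase:", make_passphrase(WORDLIST))
```

The gap between the average and minimum figures for the skewed PIN is why the lockout matters: the design value of about 13 bits only holds when every PIN is equally likely.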

By the way, I still love the password gag at the end of the article from Nick Helm: “I needed a password eight characters long, so I chose ‘Snow White and the seven dwarves’.”

This article first appeared in issue 314, November 2011.

You can read the PDF here.

(I used to write a monthly column for PCPlus, a computer news-views-n-reviews magazine in the UK, which sadly is no longer published. The column was called Theory Workshop and appeared in the Make It section of the magazine. When I signed up, my editor and the magazine were gracious enough to allow me to reprint the articles here after say a year or so.)

Now playing:
Vangelis - Tales of the Future
(from Blade Runner)

2 Responses

#1 Heru Prasetyo said...
19-Jan-14 7:59 AM

Hi Julian,

Great blog, been flicking through some of your posts to gather some information regarding my dissertation.

I am currently scouring the internet for issue 314 of PCPlus that has a section about video encoding. After reading about how you were a writer before the magazine was unfortunately discontinued, I was hoping that maybe you have a copy of issue 314 available? If so could I possibly have a scan or a copy of it?

I would be happy to pay you if you required some compensation? Any information would be greatly appreciated. Thanks in advance!

#2 julian m bucknall said...
19-Jan-14 3:36 PM

Heru: Long gone I'm afraid. Once I had the PDFs of my articles I used to toss the issue of the paper magazine -- our basement is too full of stuff already.

Cheers, Julian
