Monday, July 11, 2005 7:52 PM bart

Security - passphrases

I've checked my blog history today and I was very amazed not to find a post on passphrases yet (although I was convinced I had written something about it earlier; maybe it was just an e-mail or so). Well, what is it? One of the places where natural language and computer technology sit too close to each other is the word password. People seem to read this word too literally, and therefore try to find a word of 7 or more characters, containing at least three of the following: uppercase, lowercase, digits, non-alphanumeric symbols. The result of this password-finding brainteaser is often a cryptic, easy-to-forget "word" looking like W!nd0ws or something. Replacing the i with an ! or the e with an € or the s with an $ and so on seems to be the greatest computer-science invention made by several thousands of people right now :-).

Therefore, it's better to think of passphrases. Nobody has ever told you a password box cannot contain a space, so it can. When you remember a sentence such as "Where do you want to go today?" (sorry for any company-related influence whatsoever in the samples I'm presenting over here ;-)) you end up with a string that has the right length and the right complexity composition, and that is also easier to memorize, which reduces the number of password-reset calls to the IT department.
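The contrast drawn above, as an added example that is not part of the original post: both sample strings pass the "7 or more characters, three of four classes" rule, but only one of them collapses to a single dictionary word once the substitutions are undone. The function names and the tiny `WORDLIST` are assumptions made for illustration, and the 0-to-o mapping is inferred from the W!nd0ws sample.

```python
# Substitutions named in the post (i -> !, e -> €, s -> $), plus the
# 0 -> o seen in its "W!nd0ws" sample (assumed mapping).
LEET = str.maketrans({"!": "i", "€": "e", "$": "s", "0": "o"})

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"windows", "password", "welcome", "security"}


def char_classes(secret):
    """Return the set of character classes present in the secret."""
    classes = set()
    for ch in secret:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")  # the space character lands here too
    return classes


def meets_policy(secret, min_len=7, min_classes=3):
    """Composition rule from the post: 7+ characters, 3 of 4 classes."""
    return len(secret) >= min_len and len(char_classes(secret)) >= min_classes


def is_disguised_word(secret):
    """True if undoing the substitutions yields a single wordlist entry."""
    return secret.translate(LEET).lower() in WORDLIST


def assess(secret):
    """Summarise how a candidate secret fares against both checks."""
    return {
        "length": len(secret),
        "classes": sorted(char_classes(secret)),
        "meets_policy": meets_policy(secret),
        "disguised_word": is_disguised_word(secret),
    }


if __name__ == "__main__":
    for sample in ("W!nd0ws", "Where do you want to go today?"):
        print(repr(sample), assess(sample))
```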

At TechEd I bought the book "Protect Your Windows Network From Perimeter to Data" by Jesper M. Johansson and Steve Riley (both working at Microsoft Corporation), which I'd like to recommend to everyone who has concerns around security. Although I just finished browsing through the contents, I guess it will end up as one of the security bibles on my shelf, next to "Writing Secure Code" by Howard and LeBlanc. I'll be posting more about my readings later on over here.

# re: Security - passphrases

Tuesday, July 19, 2005 8:30 PM by bart

Thanks for the mention! Hope you enjoy reading the book as much as we enjoyed writing it.