This Week's Experiment - #332 What's the Password?
And I thought the "psychic love line" ads were bad. By now you probably
know that the group was hacked. They got into the Yahoo groups account, not my
computer. They posted offensive e-mails and then left. According to the
news, there was a contest this weekend, to see who could hack and deface the
most sites. I am afraid that we were one of their targets. I have changed
all my passwords and am working with Yahoo to prevent this in the future.
Unfortunately, this sort of thing is becoming more common.
This week's experiment is a result of the hacking. Maybe it would irritate
them to know that their attempt to create outrage turned into a teaching
opportunity. I have spent quite a bit of the past 24 hours researching
security, trying to prevent this in the future. I found that one of the best things
you can do is make a good password, so let's take a look at the science of
passwords.
What is your password? No! Don't tell me! Just think about it. How
easy would it be for someone to guess? Let's find out.
To start, have a friend pick a number in the range of 0 to 9. Now you try
to guess it. You could guess randomly, or you could just start at one end and
work your way towards the other. Is it 0? Is it 1? Is it 2? You might
get lucky and get it the first try. At most, it would take you 10 tries.
That was pretty easy. Now, have your friend pick a 2-digit number, in the
range from 00 to 99. How many tries would it take you to guess this time?
Well, you would still have ten choices for the first digit. You would also
have ten choices for the second. 10 X 10 = 100. That gives us 100 choices.
As we increase the number of digits, we make it harder to guess the number.
A 3-digit number gives us 1000 choices (10 X 10 X 10). An 8-digit
number gives us 100,000,000 choices. Still, with a computer program doing the
guessing, it would only take a very short time to guess an 8-digit number.
With modern technology, we need a way to make this harder to figure out.
To do that, we add in letters. Go back to a single character, but this time,
it can be a number in the range of 0 to 9, or a letter in the range of A to Z. This time,
instead of 10 choices, we have 36 (10 numbers and 26 letters). With two
characters, we now have 1296 possible choices (36 X 36), instead of the 100 from
our first try. That is better. Now, for an 8-character password, we have
2,821,109,907,456 choices! Much better.
That is about as far as some systems will let you go. For more security,
some systems let you use upper and lower case letters. That is like doubling
the number of letters, so then you would have 52 letters and 10 numbers for
each character in the password. Some systems let you use special characters, such
as #, $, %, etc. That adds even more possibilities. The more possible
combinations you have in your password, the harder it is to find the right
combination.
To get as much security as you can, pick a password that is as long as your
system allows. Include a mix of letters and numbers. If your system allows,
also use upper and lower case, as well as special characters. Be sure not
to use real words. There are dictionary programs that try whole words instead of
individual letters. If your password contains a word or words found in the
dictionary, then these programs can guess it much more quickly.
So how are you going to remember this meaningless string of characters?
Many sites suggest that you pick a sentence or phrase. For example, "My
grandmother is 98 years old!" would give us MGi98yo! That gives a fairly good,
eight-character password. It makes things a little more difficult, but it is well
worth the effort to avoid the mischief makers lurking out there.
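The counting above can be checked with a short program. This is an added example, not part of the original newsletter: the function names, the four-word sample list, and the guessing rate of one billion tries per second are assumptions made for illustration.

```python
import string

# Character classes in the order the article introduces them.
CLASSES = (string.digits, string.ascii_uppercase,
           string.ascii_lowercase, string.punctuation)  # 10, 26, 26, 32

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = ("password", "grandmother", "science", "welcome")

GUESSES_PER_SECOND = 1_000_000_000  # assumed rate, for illustration only


def alphabet_size(password):
    """Choices per position: total size of every class the password draws on.

    Assumes printable ASCII without spaces; other characters are not counted.
    """
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password):
    """Choices per position, multiplied together once for each position."""
    return alphabet_size(password) ** len(password)


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Words from the list that appear inside the password, ignoring case."""
    lowered = password.lower()
    return [w for w in words if w in lowered]


def assess(password):
    """Summarise what an exhaustive guesser faces in the worst case."""
    space = search_space(password)
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "search_space": space,
        "worst_case_seconds": space / GUESSES_PER_SECOND,
        "dictionary_words": dictionary_hits(password),
    }


if __name__ == "__main__":
    # Constructed inputs, plus the article's own example "MGi98yo!".
    for candidate in ("12345678", "AB12CD34", "grandmother98", "MGi98yo!"):
        print(candidate, assess(candidate))
```

The search-space figure only holds when every character is chosen at random; a password that shows up in `dictionary_words` can be found by a word-guessing program long before that many tries.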
Have a great week.
From Robert Krampf's Science Education Company
PO Box 60982
Jacksonville, FL 32236-0982
904-388-6381
krampf@aol.com
To start receiving the Experiment of the Week, just
send a blank E-mail to: krampf-subscribe@topica.com