Edward Snowden explains to John Oliver why most passwords are useless against sophisticated hackers and how to create better ones that are actually easier to remember.
This isn’t a new discussion. In his 1989 book “The Cuckoo’s Egg”, Clifford Stoll talked about password vulnerability and gave his ideas on them. He suggests using multiple short words and numbers that are unrelated (e.g. pig1912tree). It’s easy to remember but hard to guess. If crackers (*) have ever broken into any of my accounts, they have left no trace of it. I’ve never seen an obvious intrusion.
Passphrases are as predictable and vulnerable as passwords. Crackers break in because people use easy to guess passwords, there are lists of the most common ones. Lists of common phrases are easy to compile, and people are already doing it (e.g. “Shall we play a game”, “Open sesame”) -- using common phrases as passwords, and using them to break in.
(* In traditional parlance, a hacker builds code or finds solutions to problems. A cracker invades systems without permission, which is what we’re talking about.)
And the mandatory XKCD comic: https://xkcd.com/936/
Illustration of the principle by XKCD.
This isn’t a new discussion. In his 1989 book “The Cuckoo’s Egg”, Clifford Stoll talked about password vulnerability and gave his ideas on them. He suggests using multiple short words and numbers that are unrelated (e.g. pig1912tree). It’s easy to remember but hard to guess. If crackers (*) have ever broken into any of my accounts, they have left no trace of it. I’ve never seen an obvious intrusion.
Passphrases are as predictable and vulnerable as passwords. Crackers break in because people use easy to guess passwords, there are lists of the most common ones. Lists of common phrases are easy to compile, and people are already doing it (e.g. “Shall we play a game”, “Open sesame”) -- using common phrases as passwords, and using them to break in.
(* In traditional parlance, a hacker builds code or finds solutions to problems. A cracker invades systems without permission, which is what we’re talking about.)