Math gets a bad rap these days, although I'm not sure it ever really had a good one. I'd blame a lack of role models, except for maybe Alan Turing, but he was only made popular by Benedict Cumberbatch in The Imitation Game. Turing, despite breaking the code for the Enigma machine and laying the groundwork for modern computing, remains unsexy. And so does math.
But math is the foundation for encryption, and for why we need passwords. Despite what websites will ask of you, a password like HunTer2! is not a very good password.
In order to understand why that's not a good password, you need to understand how your password-protected accounts can be compromised. The first and most basic way to get into someone's account is by something called social engineering. Social engineering is based on the premise that it's easier to use someone's personal failings to get into their accounts than it is to get the necessary hardware, software and training to do so using a computer. Simply put, you get someone to let you into their accounts by tricking them or by taking advantage of their lazy personal security measures.
Phone scams use social engineering. They call you up, say they are from a reputable organization and ask for your account information or your credit card information. This is successful because idiots willingly give over this information. To avoid this, ask the person on the phone if you can call them back. Then Google the reputable organization, call their 1-800 number and ask about the phone call. If it was legit, they'll be able to tell you about it. If it's not, now they know there's a scam involving their organization and they can take action.
I'm sure you've seen a Facebook post before by someone who has been "hacked" by a "loved one" from a shared computer in a personal space. Generally the rest of the family rolls their eyes and says that it wasn't hacking, but… Turns out your Aunt Betty who doesn't understand computers understands hacking better than you do. The way to avoid this is to log out of computers in shared spaces or, if it's a shared computer, set up your profile so that the computer goes to sleep quickly and requires a password to get back into your account. Also, don't leave your password on a Post-it note on the monitor.
A computer does not care about what characters you use in your password; it just cares how many there are. With the HunTer2! example above, that's just eight characters that a computer needs to guess. I'm not going to pretend to be a mathematician, but I've been told by those with a higher math aptitude than myself that this password would be guessed by a computer within a week.
Not only that, but we humans are, by nature, lazy creatures. Since passwords with random characters are hard to remember, I'll likely do one of two things. 1) Use that password over and over again, which means once it's compromised, all my accounts are compromised. And 2) I'll post it to my monitor so that I don't have to remember it.
What's a good password? Four random words. Could be anything. MousePianoBottleApple for example. Now you also have a neat little picture in your head of a mouse playing the piano drinking an apple out of a bottle. So that's easy to remember and it would take the computer from the above scenario a couple hundred years to guess. But to best summarize this article, here's a relevant XKCD.
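To put numbers behind the comparison above, here is an added example (not from the original article) that counts the guesses an attacker needs for a HunTer2!-style password versus four randomly drawn words, and generates a passphrase with a cryptographic random source. The guess rate, the attacker's pattern model, the 2,048-word list size and the sample word list are all assumptions made for illustration.

```python
import math
import secrets

SECONDS_PER_DAY = 86_400
GUESS_RATE = 1_000  # assumption: guesses per second against a throttled login


def pattern_bits(base_words, caps_variants, digits, symbols):
    """Bits of entropy in a 'word + caps + digit + symbol' password,
    counted as the product of the choices an attacker must enumerate."""
    return math.log2(base_words * caps_variants * digits * symbols)


def passphrase_bits(wordlist_size, n_words=4):
    """Bits of entropy when every word is drawn uniformly at random."""
    return n_words * math.log2(wordlist_size)


def days_to_exhaust(bits, rate=GUESS_RATE):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return 2 ** bits / rate / SECONDS_PER_DAY


def make_passphrase(wordlist, n_words=4):
    """Pick words with the OS CSPRNG; words a human picks are not random."""
    return "".join(secrets.choice(wordlist).capitalize() for _ in range(n_words))


# Constructed sample list, far too short for real use.
DEMO_WORDS = ["mouse", "piano", "bottle", "apple", "river", "candle", "tiger", "window"]

if __name__ == "__main__":
    # Assumed attacker model for a HunTer2!-style password: 65,536 common
    # words, 8 capitalisation patterns, 10 digits, 32 symbols.
    weak = pattern_bits(65_536, 8, 10, 32)
    strong = passphrase_bits(2_048)  # assumed 2,048-word list
    print(f"pattern password:  {weak:.1f} bits, {days_to_exhaust(weak):.1f} days")
    print(f"four random words: {strong:.1f} bits, "
          f"{days_to_exhaust(strong) / 365.25:.0f} years")
    print("example passphrase:", make_passphrase(DEMO_WORDS))
```

The passphrase figure only holds when the words are drawn at random from the list; words chosen by hand, or taken from a quote or song lyric, are worth far fewer guesses.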