Math gets a bad rap these days, although I’m not sure it ever really had a good one. I’d blame a lack of role model – except for maybe Alan Turing – but he was only made popular by Benedict Cumberbatch in The Imitation Game. Turing, despite breaking the code for the enigma machine and laying the ground work for modern computing, remains unsexy. And so does math.
But math is the foundation for encryption, and for why we need passwords. Despite what websites will ask of you, having a password like HunTer2! is not a very good password.
In order to understand why that’s not a good password, you need to understand how your password-protected accounts can be compromised. The first and most basic way to get into someone’s account is by something called social engineering. Social engineering is based on the premise that it’s easier to use someone’s personal failings to get into their accounts than it is get the necessary hardware, software and training to do so using a computer. Simply put, you get someone to let you into their accounts by tricking them or by using their lazy personal security measures.
Phone scams use social engineering. They call you up, say they are from a reputable organization and ask for your account information or your credit card information. This is successful because idiots willingly give over this information. To avoid this ask the person on the phone if you can call them back. Then Google the reputable organization and call their 1-800 number and ask about the phone call. If it was legit, they’ll be able to tell you about it. If it’s not now they know there’s a scam involving their organization and they can take action.
I’m sure you’ve seen a Facebook post before by someone who has been ‘hacked’ by a ‘loved one’ from a shared computer in a personal space. Generally the rest of the family rolls their eyes and says that it wasn’t hacking, but… Turns out your Aunt Betty who doesn’t understand computers understands hacking better than you do. The way to avoid this is to log out of computers in shared spaces or, if it’s a shared computer, set up your profile so that the computer goes to sleep quickly and requires a password to get back into your account. Also, don’t leave your password on a Post-it note on the monitor.
A computer does not care about what characters you use in your password, it just cares how many there are. With the HunTer2! example above that’s just eight characters that a computer needs to guess. I’m not going to pretend to be a mathematician, but I’ve been told by those with a higher math aptitude that myself that this password would be guessed by a computer within a week.
Not only that, but we humans are – by nature – lazy creatures. Since passwords with random characters are hard to remember, I’ll likely do one of two things. 1) Use that password over and over again which means once it’s compromised, all my accounts are compromised. And 2) I’ll post it to my monitor so that I don’t have to remember it.
What’s a good password? Four random words. Could be anything. MousePianoBottleApple for example. Now you also have a neat little picture in your head of a mouse playing the piano drinking an apple out of a bottle. So that’s easy to remember and it would take the computer from the above scenario a couple hundred years to guess. But to best summarize this article, here’s a relevant XKCD.
Recent Comments