Thursday, 15 December 2016

Passwords

Disclaimer: This isn't exactly game development related, more of a general tech-related gripe.

Passwords are a vital concept to technological well-being. They prevent unauthorized users from accessing or changing personal information. This is nothing new, but my main annoyance is that people genuinely have no idea how to come up with a password that is safe.

It doesn't help that certain websites sometimes require special characters such as "$/%$£*(^ which is overall significantly less useful than requiring users to include numbers or upper-case letters.

This spreads a misconception about computer security. Of course, many human users wouldn't expect to have to enter a % or a ŝ when trying to break into an account by hand, but the fact of the matter is that unless you have very unfriendly friends, most unauthorized access attempts are going to be from strangers who use an automated program.

This automated program doesn't see any difference between the letter "a" and the symbol "%", it sees them both as just another string of bits. It is marginally useful, but seeing as realistically there are only 10 extra special characters that would be used for this, and considering how much more difficult it is to remember, it isn't that great.

Ideally, upper-case characters and numbers would be pushed harder than special characters, seeing as upper-case characters introduces 25 extra bits of entropy with not a great amount of extra effort.

However, what should really be pushed is quite simply longer passwords. A lot of passwords require 6 or 8 character strings as a minimum size, but this should be pushed higher up to, in my opinion, 12 or 14 characters in order to make it significantly harder and more time consuming to crack.

There's a relevant xkcd comic for this, if you're interested google "correct horse battery staple". It should come up.

No comments :

Post a comment