Monday 30 April 2007

Passwords

E24 has published an article about common passwords, in Swedish of course, and in my opinion it's not really worth reading. It contains barely any substance and no analysis at all. Passwords that are simple to crack are nothing new, and it's a fact that most users don't even bother thinking twice before selecting "carla" as a password. After all, how can the attacker know that I fancy that girl? If you have read a bit about password security, however, you realize that an attacker won't make any guesses but will fire an arsenal of dictionary words. Against this, poor carla won't stand a chance.

Administrators such as myself try to force the users to use decent passwords, for example by enforcing policies of mixed case, alphanumeric mixing and so on. Does this work? Not really; users usually just make a quick workaround and we are back at square one. Some good reading on the subject is Schneier's analysis of the cracked MySpace passwords.

For more critical services such as SSH the best option is likely to abandon passwords altogether; they do more harm than good. A good alternative is cryptographic keys: they allow you easy and secure access, at the cost of slightly more trouble when setting them up. I guess that rules them out as an option for everyday users at MySpace though...
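As an added example (not code from the original post), here is a small POSIX shell check for the password-free SSH setup recommended above. It reads an sshd_config-style file and honours two details that often bite: sshd keeps the first value it sees for a keyword, and lines under a Match block are conditional. The two sample configs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify that an sshd_config turns passwords off and keys on.
# sshd uses the FIRST value it sees for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes". Lines
# inside a "Match" block are conditional, so the global scan stops there.
# Keywords are case-insensitive and "#" starts a comment.

# first_value FILE KEYWORD -> prints the first global value of KEYWORD (lowercased)
first_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }                   # skip blank lines
        tolower($1) == "match" { exit }    # leave the global section
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# check_sshd_config FILE -> 0 if passwords are off and keys are on, 1 otherwise.
# Both keywords default to "yes" in sshd when they are not set.
check_sshd_config() {
    pw=$(first_value "$1" PasswordAuthentication)
    pk=$(first_value "$1" PubkeyAuthentication)
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
}

# Constructed sample configs (not real hosts).
weak=$(mktemp); strong=$(mktemp)
cat > "$weak" <<'EOF'
# looks hardened, but sshd keeps the first value, so "yes" wins
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat > "$strong" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes   # conditional, does not affect the global check
EOF

check_sshd_config "$weak"   && echo "weak: ok"   || echo "weak: passwords still accepted"
check_sshd_config "$strong" && echo "strong: ok" || echo "strong: passwords still accepted"
```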

1 comment:

Anonymous said...

Do international "attackers" use Swedish dictionaries? =(