On improving password security
It occurs to me that password security could be simply but greatly enhanced if the systems were to consider not only what we type but how we type it. I just had one of those strange standing-outside-yourself moments as I watched my hands entering my password for WoW, and realized that the way I type is nearly as distinctive as what I typed. A system that ignored the letters and paid attention to the "granularity" of my typing (speed, hesitations, keystrokes that run together) would identify me pretty well too. My WoW password is:
one two, three, four-five-six, seven, eight-nine ten
Anybody who had discovered the letters of my password and was typing while reading them would be typing very differently indeed, probably:
one two three, four five six, seven eight nine, ten
Not even remotely a match.
Software companies: start your engines.
posted by Udge @ 00:11
2 Comments:
I do the same with my mobile number - I see it as xxxx xx x xx xx, not xxxxxxxxxxx. Maybe we break this stuff down into 'words'?
I have to have such complex passwords at work, it would be lovely if they took my usual errors in typing as well. Like the VF is sometimes a bit fuzzy, close enough.
I learned to do a strong code by thinking about TYWKIWDBI. Get a phrase, with a potential number and punctuation, and hit the first letters, with whatever #s suggest, that sort of thing. Still sucks. I like your idea better.
Post a Comment
<< Home