Natural But Secure

With the ongoing attention Facebook has been receiving in the media and among its users about the complexity (impenetrability?) of its privacy settings, one of my FB friends recently posted a link to an article about this very topic and posited that this complexity is one of the main contributors preventing someone like his mother from ever joining the social network.

That article was part of a much larger website by someone named Thomas Baekdal that is dedicated to “showcasing great products, great innovations and great experiences.” But one article that particularly piqued my interest, perhaps because of my day job and the fact I always fall for such geeky topics, was “The Usability of Passwords.”

Considering that just about everything we do today is computer-mediated, we find ourselves having to manage a slew of passwords to gain access to those things. Sometimes, we get to choose those passwords; sometimes, they’re imposed on us. And when we get to choose them, they often not only need to meet certain criteria but also need to be changed periodically. As a result, we often end up creating simplistic passwords that could easily be cracked.

The best possible password, we are often told, would be one that is not a real word and contains a mixture of upper- and lowercase letters, numbers, and special characters, like utY#8asfF7. But try to remember something that’s so unlike the way we think! Thus imagine my surprise (and delight) at Baekdal’s suggestion that a pass phrase like “fluffy is puffy” would be virtually uncrackable.

That one wouldn’t meet the minimal requirements at my job; however, this notion is definitely one I intend to keep in mind the next time I’m forced to change a password.

2 Thoughts on "Natural But Secure"

  1. I had a job a couple years ago with crazy rules for passwords that had to be used dozens of times per day and changed every three months. It had to be something memorable and easy to type quickly, yet couldn’t be a dictionary word and required numbers and such. My solution: stop thinking about the characters on the keys and instead think about pattern. I developed patterns which could be adjusted or moved around the keyboard each time they needed to be changed. I’m not sure I even knew what the letters/numbers were for some of them – I just knew how to hit them.

  2. That would be a good strategy. At work, I’ve had to choose passwords with upper- and lowercase letters and numbers, so I’ve since adopted that practice everywhere and, where possible, I change my passwords regularly.

