![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Keeping calm and carrying on...
Jan. 2nd, 2014 11:00 pmThe mail brought an unpleasant letter with a second request for money from a party that, as far as I can tell, has both received my certified mail with the check and cashed the check. Theoretically, this should be a no-brainer, but I have been around the block enough times to know that
Other errands touched on similar requests (demands?) by other parties for various sums, and they all have been dealt with successfully, except for the bank that will not allow me to reset my (and Galina's) account password because I am not the "primary" account holder. I can understand this kind of compartmentalization when it comes to, say, credit card accounts, but for a checking account that I can write checks on? (I mean, my name is on the farblegargling account!)
* * * A piece of what appeared to be common sense crossed my browser the other day concerning password security. The article claimed that conventional wisdom—which would have you create a "strong" password using upper and lower case letters, numbers, and punctuation that do not form and are not derived from dictionary words—is wrong, and that you could derive a more secure password by stringing together four words or names, which has the additional advantage of being mnemonically tractable.
The mathematics are roughly as follows: If one assumes a range of available characters consisting of letters, numbers, and punctuation, you end up with, say, 75 choices per character. A 10-character password, therefore, can be constructed in 7510, or about 5.6 x 1018 different ways. On the other hand, since there are about 250,000 words in the English language, then randomly stringing four of them together can be done in about 250,0004, or 3.9 x 1021 different ways.
In theory, then, stringing four words together is several orders of magnitude more complex than a traditional password. In practice, however, I think it's fair to say the words "available" to the ordinary user are limited to those he or she is aware of, which is almost certainly much less than 250,000. That said, I think that, left to their own devices, most people's ideas of what constitutes a "random" password made up of letters, numbers, etc. is not as random as might be imagined.
I think the "four word" password scheme is a pretty good idea, mostly because the resulting passwords can be made memorable. From my own experience, I can still recall telephone numbers from my college days, through their most memorable mnemonics.
Cheers...
"Theoretically, there is no difference between theory and practice, but in practice..."I remain confident that this misunderstanding can be ironed out without too much fuss.
Other errands touched on similar requests (demands?) by other parties for various sums, and they all have been dealt with successfully, except for the bank that will not allow me to reset my (and Galina's) account password because I am not the "primary" account holder. I can understand this kind of compartmentalization when it comes to, say, credit card accounts, but for a checking account that I can write checks on? (I mean, my name is on the farblegargling account!)
The mathematics are roughly as follows: If one assumes a range of available characters consisting of letters, numbers, and punctuation, you end up with, say, 75 choices per character. A 10-character password, therefore, can be constructed in 7510, or about 5.6 x 1018 different ways. On the other hand, since there are about 250,000 words in the English language, then randomly stringing four of them together can be done in about 250,0004, or 3.9 x 1021 different ways.
In theory, then, stringing four words together is several orders of magnitude more complex than a traditional password. In practice, however, I think it's fair to say the words "available" to the ordinary user are limited to those he or she is aware of, which is almost certainly much less than 250,000. That said, I think that, left to their own devices, most people's ideas of what constitutes a "random" password made up of letters, numbers, etc. is not as random as might be imagined.
I think the "four word" password scheme is a pretty good idea, mostly because the resulting passwords can be made memorable. From my own experience, I can still recall telephone numbers from my college days, through their most memorable mnemonics.
Cheers...
