Help Net Security talks with an IT expert about what makes a strong password. They conclude that it should be no shorter than 86 symbols. So the way I see it, we have two choices.
1. Create your 86-character password now. Here's an example:
That's the one that gets my vote. Think keyloggers care if they have to cut and paste 4 digits or 86? We need to "get smart"...we need to swipe, encrypt, transmit.
From HNS: What makes a strong password?
In 1948 the American mathematician and engineer Claude Shannon introduced the term information entropy (a measure of uncertainty) in his work "A Mathematical Theory of Communication". If we take, for example, English text, it takes 8 bits (one byte) to represent one symbol. Eight bits allow encoding 256 different symbols. However, there are only 26 characters in the English alphabet, and they can easily be represented by five bits (32 possible combinations). Consequently, the uncertainty of one symbol of English text is not 8 bits but less than 5.
In addition, some symbols and combinations are used considerably more frequently than others. The letter "E" is encountered a hundred times more frequently than "Z", and "U" always follows "Q". Such peculiarities allow reducing uncertainty even more. According to mathematicians' estimates, it is around 1.5 bits per symbol for English text.
This means that if information is protected by encryption with a 128-bit key, and the password is an English phrase (without space characters or punctuation marks, and in one case), a really strong password (an oxymoron) should be no shorter than 128/1.5 ≈ 86 symbols.
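The length estimate above follows from one relation: required length = key bits / entropy per symbol. The following added example (not code from the HNS article or this blog) carries that calculation through the article's own stages, from 8 bits per byte, to a uniform 26-letter alphabet, to single-letter frequencies measured on a constructed lowercase sample, to the article's 1.5 bits/symbol figure for English with context; the sample text and the `length_table` helper are assumptions of this example.

```python
import math
from collections import Counter


def uniform_entropy_bits(alphabet_size: int) -> float:
    """Entropy per symbol when every one of `alphabet_size` symbols is equally likely."""
    return math.log2(alphabet_size)


def shannon_entropy_bits(text: str) -> float:
    """Per-symbol Shannon entropy H = -sum p(x) * log2 p(x), estimated from the
    single-letter frequencies observed in `text` (ignores context between letters,
    so it sits between the uniform-alphabet figure and the 1.5-bit contextual one)."""
    counts = Counter(text)
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def required_length(key_bits: int, bits_per_symbol: float) -> int:
    """Smallest number of symbols whose total entropy is at least `key_bits`."""
    return math.ceil(key_bits / bits_per_symbol)


# Constructed sample in the article's setting: English, lowercase only,
# no spaces or punctuation. Not taken from the page.
SAMPLE = (
    "passwordsarehabitualandtheirusagedoesnotrequirespecialequipment"
    "butanenglishphrasewithoutspacesorpunctuationcarriesfarless"
    "uncertaintythanthenumberofcharactersitcontainswouldsuggest"
)

KEY_BITS = 128                 # strength of the encryption key the password must match
CONTEXT_BITS_PER_SYMBOL = 1.5  # the article's figure for English text, context included


def length_table(key_bits: int = KEY_BITS) -> dict:
    """Required password length under progressively more realistic entropy estimates."""
    estimates = {
        "8 bits/symbol (any byte value)": uniform_entropy_bits(256),
        "uniform over 26 letters": uniform_entropy_bits(26),
        "single-letter frequencies of the sample": shannon_entropy_bits(SAMPLE),
        "1.5 bits/symbol (English with context)": CONTEXT_BITS_PER_SYMBOL,
    }
    return {label: required_length(key_bits, h) for label, h in estimates.items()}


if __name__ == "__main__":
    for label, length in length_table().items():
        print(f"{label:42s} -> at least {length} symbols")
```

The single-letter estimate already lengthens the password well beyond the 16 bytes a naive 8-bits-per-character view gives; the 1.5-bit figure, which also accounts for letter context, is what pushes it to 86.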
Speaking about the Internet in general, we won't escape from passwords in the near future. They are habitual and their usage doesn't require special equipment.
Editor's Note: That may be true when it comes to accessing email, but when it comes to securing financial transactions, we can't afford to be messing around with passwords...anymore.
Especially when our device costs less than most "useless" bank promos.
BTW: Did you know that the "P" in Passwords is silent?
Keep It Smart, Swipe!
"However, in the business segment passwords will continue to be substituted by two-factor authentication (e.g. smart card/USB token + password/PIN code).
Though such means of authentication require financial expenditure, they should be paid for. (they can afford it...vs. the alternative)
They will guarantee a significantly higher security level."
Find out how our patented technology can empower your financial institution.
Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATMs. (Insert Bank Issued Card, Enter Bank Issued PIN)
There is an R.O.I., as FIs also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the swipe of a card.
Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."