I stumbled upon an extensive article here about how to come up with passwords, with an introduction, a bunch of paragraphs, a picture, almost an epigraph, as is now fashionable here :)
I would like to use this example to show how the humanistic approach differs from the geek, technocratic one.
Let's recall the requirements for a password (not too formally):
- Quick to create
- Easy for the owner to remember
- Easy to reproduce
- Hard to memorize at a chance glance
- Hard to brute-force
I know the following solution. I don't know who the author is, but urbansheep suggested it.
It is known from psychology that a person easily remembers absurd phrases. Absurd phrases seem absurd to a person precisely because they are an atypical, unusual and meaningless combination of words. Amazon.com uses low-frequency word combinations (Statistically Improbable Phrases) to identify texts.
Then, taking dictionaries of Russian adjectives and nouns (say, 10 thousand words each), you can randomly choose 2 adjectives and 1 noun from them, resulting in an absurd but memorable phrase.
Example:
berserk magic catalyst
So, the number of options for such a phrase is 10^12, i.e. 1 trillion.
It remains to fulfill requirement 4: the password must be hard to memorize by peeping. So we type the phrase in the English layout without spaces:
ytbcnjdsqdjkit,ysqrfnfkbpfnjh
(Of course, there are adepts who have gotten the knack of reading Russian words typed in the English layout, but the likelihood that one of them accidentally sees your password is small. Recall that absolute protection does not exist and is not needed.)
An important clarification: if your service has many mobile users, the conversion step is not worth doing! (Typing may be difficult, plus on a mobile device risk 4 is not so relevant.)
Who will write an online generator? :)
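A minimal generator for the scheme above, as an added example that is not from the original post. The word lists are constructed samples (the post assumes about 10,000 words per dictionary), the use of Python's `secrets` module for the random choice is an assumption, and the Russian words "неистовый волшебный катализатор" are decoded from the post's typed example via the standard ЙЦУКЕН/QWERTY key positions.

```python
import math
import secrets

# ЙЦУКЕН -> QWERTY: each Russian letter maps to the Latin character on the same key.
RU = "йцукенгшщзхъфывапролджэячсмитьбюё"
EN = "qwertyuiop[]asdfghjkl;'zxcvbnm,.`"
TO_QWERTY = str.maketrans(RU, EN)
FROM_QWERTY = str.maketrans(EN, RU)

# Constructed sample lists; the post assumes about 10,000 words in each dictionary.
ADJECTIVES = ["неистовый", "волшебный", "полосатый", "упругий", "сонный", "хрустящий"]
NOUNS = ["катализатор", "барабан", "огурец", "маятник", "черновик"]


def to_layout(phrase):
    """Type a Russian phrase on the English layout, without spaces."""
    return phrase.lower().replace(" ", "").translate(TO_QWERTY)


def from_layout(typed):
    """Inverse mapping: recover the Russian letters from the typed string."""
    return typed.translate(FROM_QWERTY)


def search_space(n_adjectives, n_nouns):
    """Number of 2-adjective + 1-noun phrases and the equivalent entropy in bits.

    The layout conversion is a fixed one-to-one mapping, so it does not change
    this count; it only addresses requirement 4 (peeping).
    """
    count = n_adjectives ** 2 * n_nouns
    return count, math.log2(count)


def generate(adjectives=ADJECTIVES, nouns=NOUNS, convert=True):
    """Pick words with a CSPRNG; convert=False is the mobile-user case from the post."""
    words = [secrets.choice(adjectives), secrets.choice(adjectives), secrets.choice(nouns)]
    phrase = " ".join(words)
    password = to_layout(phrase) if convert else phrase
    return phrase, password


if __name__ == "__main__":
    phrase, password = generate()
    count, bits = search_space(10_000, 10_000)
    print(phrase, "->", password)
    print(f"{count:.0e} phrases, about {bits:.1f} bits")
```

Note that the comma in the typed string is not a separator: it is the key that carries the letter "б".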
PS Imagine how such an approach would simplify the task of memorizing passwords automatically generated by web services for “regular users” - secretaries, accountants, etc.