We are using xkcd/936 passwords for things like default wifi passwords on routers.
Yes, I can say that! Even the worst-case scenario, where you know how we make passwords and you even know the word list, still provides good security. If you don't agree, read more on the xkcd forum. If you don't know the word list, security is even better, and plenty good enough for a wifi password.
Even though we did take out the more obvious four-letter words, the system seems to have a surprising knack of creating interesting passwords. The latest was a router for an office which happens to be full of women, and fortunately the dealer spotted the slight problem before it was installed. The password included the words captiveclitoris. It was felt this may possibly cause offence!
In our defence, it is just a couple of standard word lists and a true random number generator, and customers can set their own passwords, or ask the system to make a new random one.
Even so, that word has now been removed from the list. Sorry about that.
P.S. turns out the other password for the same customer was saucyhen. You can't make this stuff up you know.
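An added example, not the generator described in this post: a sketch of the scheme above, with the worst-case entropy computed on the assumption that the attacker knows both the word list and the method. The word list, the blocklist entry and the function names are constructed for illustration, and Python's `secrets` module (the OS CSPRNG) stands in for the true random number generator.

```python
import math
import secrets

# Constructed sample list; a real list would hold a few thousand words.
SAMPLE_WORDS = ["captive", "saucy", "hen", "staple", "battery", "horse",
                "correct", "garden", "window", "rocket", "marble", "copper"]
# Words withdrawn after review (constructed placeholder entry).
BLOCKLIST = {"rocket"}


def usable_words(words, blocklist):
    """Drop blocklisted words and duplicates, case-insensitively, keeping order."""
    blocked = {b.strip().lower() for b in blocklist}
    seen, pool = set(), []
    for word in words:
        word = word.strip().lower()
        if word and word not in blocked and word not in seen:
            seen.add(word)
            pool.append(word)
    return pool


def entropy_bits(list_size, n_words):
    """Worst case: the attacker knows the list and that n_words are drawn uniformly."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least two words in the list and one word drawn")
    return n_words * math.log2(list_size)


def make_passphrase(words, n_words, blocklist=frozenset(), min_bits=0.0):
    """Return (passphrase, entropy_bits); refuse if the filtered list is too weak."""
    pool = usable_words(words, blocklist)
    bits = entropy_bits(len(pool), n_words)
    if bits < min_bits:
        raise ValueError(f"only {bits:.1f} bits, below the required {min_bits}")
    # Independent, uniform draws from the CSPRNG; never random.choice().
    return "".join(secrets.choice(pool) for _ in range(n_words)), bits


if __name__ == "__main__":
    phrase, bits = make_passphrase(SAMPLE_WORDS, 2, BLOCKLIST)
    print(phrase, f"{bits:.1f} bits with this tiny sample list")
    # Cost of withdrawing one word from a 2048-word list, four words drawn:
    print(f"{entropy_bits(2048, 4) - entropy_bits(2047, 4):.4f} bits lost")
```

Removing an offending word costs a tiny fraction of a bit on a list of realistic size, so pruning the list does not weaken the scheme in any meaningful way.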
Can you make one that tries to make funny passwords? That would make them even easier to remember then :)
KE55ARD: ministryofsillywalks ?
You should use this:
http://thedailywtf.com/Articles/The-Automated-Curse-Generator.aspx
A place I worked at a number of years ago used a similar auto-gen for new customer passwords. Basically it generated an 8 character (usually pronounceable) password from between 2-3 words or syllables.
It threw up the password "urnidiot" for a new user.
To protect the innocent, I won't say if the prediction as to the new user's competence came true.