Password entropy

As part of some 'NetSafe' training, I was shown this lovely xkcd cartoon http://xkcd.com/936/ .

 

Password entropy. That's a good way of putting it. The statistical mechanics definition of entropy would be k ln W, where k is Boltzmann's constant, W is the number of permutations possible, and ln is 'the natural logarithm'. Higher entropy, means more possibilities. Simply put, the longer the word is, the harder it is for a machine to guess. One doesn't need terribly long sequences before the possibilities become immense indeed. 

So then, how come just about everywhere where I need to use a password* requires me to include non-alphabetic characters, and, sometimes, non-numeric characters too, making it very hard to remember my passwords. Plus, we have passwords on so many different systems nowadays (if I felt I had the time I'd compile a list of how many different systems I have accounts and passwords on – I reckon it's of the order of one hundred) that it is inevitable that we start writing down passwords in an easy to access place – thus almost completely negating the point of them. 

Computer scientists, we need a better system…

*This includes the University of Waikato, whose site I am using for composing this blog entry. It demands a mix of letters, numbers and other symbols and for the password not to be based on a word. And these IT people who control the site are the ones pointing me towards the xkcd cartoon above…Sorry to get at you guys, but the discrepancy is rather obvious. 

Leave a Reply

Your email address will not be published. Required fields are marked *