Science and technology

Babbage

Internet security

See-through passwords

Mar 1st 2011, 21:12 by G.F. | SEATTLE

PASSWORD selection typically lacks sex appeal. The longer it is, and the more exotic the characters (punctuation marks, say), the less likely a brute-force effort to crack it is to succeed. But coming up with complex concatenations of alphanumeric symbols tends to be tedious and offputting, so relatively few people bother, plumping instead for simple, and easily guessable, words. Now, a firm from Cape Town, in South Africa, has released a free web tool designed to make strong password selection a little more tantalising.

Naked Password, a set of open-source JavaScript code and images that may be installed on any website, monitors a specified password-entry field in a web form. As the user types in a password, a reclining model dubbed Sally loses her garments a few chunkily bitmapped patches at a time. This turns password creation into a (rather racy) challenge. The goal is to use enough variety in the password—an exclamation point here, a hash there—to undress her completely.

Readers ought probably to resist Sally's charms while at work. Even though the salient portions of her exposed bosom are merely one pixel each, employers may not take kindly to such prurient use of company time, no matter how laudable the virtual voyeurs' motivation. Fortunately, the JavaScript code is stored on GitHub, a popular repository for managing open-source projects. GitHub allows developers to "fork" code, creating a new independent project that shares another's files and features. This means that squeamish types who would rather play with something less salacious than Sally may do so.

Robust passwords are increasingly crucial in a world where ever more business is conducted online. And a game may convince users to pick a strong password where commands and exhortations fail. Better safe than sorry.
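The scoring idea behind a meter of this kind, as an added example: this is not Naked Password's code, and the character-class sizes, thresholds and deny list are assumptions. It estimates the brute-force search space from length and character variety, and forces the two passwords a reader names in the comments to the lowest level.

```javascript
// Added example, not Naked Password's code. Class sizes, thresholds and the
// deny list are assumptions chosen for illustration.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  // Anything else is counted as the 33 printable ASCII symbols (space included).
  { re: /[^a-zA-Z0-9]/, size: 33 },
];

// Constructed deny list: the two passwords quoted in the reader comments.
const COMMON = new Set(['password', '123456']);

// Upper bound on brute-force work, in bits: length * log2(pool size).
// It assumes every character is chosen at random from the pool, so real
// words and names are guessed far sooner than this figure suggests.
function searchSpaceBits(pw) {
  const pool = CLASSES.reduce((n, c) => (c.re.test(pw) ? n + c.size : n), 0);
  return pool === 0 ? 0 : pw.length * Math.log2(pool);
}

// Assumed cut-offs, in bits, for levels 1 to 4.
const THRESHOLDS = [28, 40, 56, 72];

// Map a password to a level from 0 to 4, the way a meter gives feedback in stages.
function strengthLevel(pw) {
  // A common password is tried first by any attacker, whatever its length.
  if (COMMON.has(pw.toLowerCase())) return 0;
  const bits = searchSpaceBits(pw);
  return THRESHOLDS.filter((t) => bits >= t).length;
}

// Constructed sample inputs.
for (const pw of ['password', 'abcdefghi', 'Zorbliq7x', 'Zorbliq7x!#']) {
  console.log(pw, searchSpaceBits(pw).toFixed(1), strengthLevel(pw));
}
```

Under these assumed thresholds, adding two symbols to a nine-character mixed-case password moves it from level 2 to level 4, because both the length and the pool size grow.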

migmigmigmig wrote:
Mar 1st 2011 9:40 GMT

Mmmm, Duke Nukem-level porn. ASFW.

eric meyer wrote:
Mar 1st 2011 10:01 GMT

Of course, it's only a matter of time before someone forks a less chunky version of Sally—not to mention her brother Saul.

bampbs wrote:
Mar 2nd 2011 1:39 GMT

Make up a nonsense word that is easily pronounceable, plug in a number, capitalize a letter or two - make sure it's at least nine characters - and you'll not be an easy mark.

hamilton 2.0 wrote:
Mar 2nd 2011 2:55 GMT

Sadly, bampbs, 9 characters is rapidly falling within range of brute-force attacks; one is probably better off keeping a password list in the wallet than trying to remember shorter passwords. It also helps to not use the Facebook/gaming password to protect the bank account... and as the previous governor of Alaska found, bad things happen when your Facebook profile has enough information to let someone answer your challenge questions.

JGradus wrote:
Mar 2nd 2011 9:46 GMT

As long as you don't have a keypad that is external to your comp, nothing is really secure.

willstewart wrote:
Mar 2nd 2011 11:03 GMT

It is not clear that brute-force approaches are very significant at an individual level. So bampbs is right - choose something not too obvious and use multiple passwords (with a secure password-protected electronic backup). An amazing number of people choose 'password' or '123456'. Under NO circumstances write it down anywhere! ESPECIALLY not in your wallet!

IT managers could help by not insisting on changing passwords frequently. This has little security value and makes the writing-down problem worse (but it does shift the blame from the IT manager to the user!).
