Easy To Remember, Hard To Guess
A password that is easy to remember is generally also easy for an attacker to guess. Passwords which are difficult to remember will reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password. Similarly, the more stringent the requirements for password strength, e.g. "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.
In "The Memorability and Security of Passwords", Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method, as is having a personally designed "algorithm" for generating obscure passwords.
However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', which are well known to attackers. Similarly, typing the password one keyboard row higher is a common trick known to attackers.
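As an added illustration (not part of the original text), the Python sketch below shows why these habits add little: it counts the case patterns behind the "128 times" figure and reduces a candidate password to its base word by undoing the 'E' → '3' / 'I' → '1' substitutions and the one-row-higher keyboard shift before a blocklist check. The blocklist, the sample passwords, the function names and the US QWERTY layout are assumptions made for the example.

```python
from math import comb

# Constructed sample blocklist; a real check would load a large list of known-weak passwords.
BLOCKLIST = {"letmein", "monkey", "password"}

# The two substitutions named in the text: 'E' -> '3' and 'I' -> '1'.
UNDO_LEET = str.maketrans("31", "ei")

# US QWERTY rows aligned by column (assumed layout). Typing "one row higher"
# moves each key up a row, so undoing it maps every key to the key below it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
UNDO_ROW_SHIFT = str.maketrans("".join(ROWS[:3]), "".join(ROWS[1:]))


def case_variants(length, max_caps=None):
    """Count upper/lower-case patterns for `length` letters with at most `max_caps` capitals."""
    if max_caps is None:
        max_caps = length
    return sum(comb(length, k) for k in range(max_caps + 1))


def weak_reason(password, blocklist=BLOCKLIST):
    """Return why `password` reduces to a blocklisted word, or None if it does not."""
    lowered = password.lower()
    candidates = [
        ("case variant", lowered),
        ("digit-for-letter substitution", lowered.translate(UNDO_LEET)),
        ("typed one keyboard row higher", lowered.translate(UNDO_ROW_SHIFT)),
    ]
    for reason, base in candidates:
        if base in blocklist:
            return f"{reason} of '{base}'"
    return None


if __name__ == "__main__":
    # All case patterns for 7 letters vs. "at most one capital".
    print(case_variants(7), case_variants(7, max_caps=1))
    # Last sample is a first-letter-of-each-word password, as in the Yan et al. advice.
    for pw in ["PassWord", "L3tm31n", "j9hi36", "Tbontbtitq"]:
        print(pw, "->", weak_reason(pw) or "no trivial reduction found")
```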