Password Cracking - Easy To Remember, Hard To Guess

A password that is easy to remember is generally also easy for an attacker to guess. Passwords that are difficult to remember reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets, and (c) users are more likely to re-use the same password. Similarly, the more stringent the requirements for password strength, e.g. "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.

In "The Memorability and Security of Passwords", Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method. Having a personally designed "algorithm" for generating obscure passwords is another good method.

However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions which are well known to attackers. Similarly, typing the password one keyboard row higher is a common trick known to attackers.
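A set-time password check can undo these well-known tricks before comparing a candidate against a blocklist. The following is an added example, not part of the original article; the function names, the small blocklist and the US QWERTY layout are assumptions made for illustration.

```python
# Added example: set-time password check. All names and the blocklist are hypothetical.

# Constructed sample blocklist; a real deployment would load a breached-password list.
BLOCKLIST = {"password", "letmein", "welcome", "reliable"}

# Digit/symbol-for-letter substitutions, reversed (includes the article's E->3 and I->1).
UNLEET = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

# US QWERTY rows (assumed layout). Typing "one row higher" replaces each key with the
# key above it, so undoing the trick maps each typed key to the key below.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
KEY_BELOW = {up: down for upper, lower in zip(ROWS, ROWS[1:])
             for up, down in zip(upper, lower)}


def normalised_forms(password):
    """Return the candidate's forms after undoing each well-known trick."""
    low = password.lower()                      # capitalisation adds little
    forms = {low, low.translate(UNLEET)}        # undo letter -> digit swaps
    if all(c in KEY_BELOW for c in low):        # undo the keyboard-row shift
        forms.add("".join(KEY_BELOW[c] for c in low))
    return forms


def is_guessable(password):
    """True if any normalised form is on the blocklist."""
    return not BLOCKLIST.isdisjoint(normalised_forms(password))


def mixed_case_factor(length):
    """Search-space growth from allowing both cases: (52/26)**length."""
    return 2 ** length


if __name__ == "__main__":
    for pw in ["P4ssw0rd", "R3l1able", "0qww294e", "tqbfjotld"]:
        print(pw, "rejected" if is_guessable(pw) else "accepted")
    print(mixed_case_factor(7))  # 128, the figure quoted for 7-letter passwords
```

The last sample, built from the first letters of a phrase, passes the check, while the three disguised dictionary words are rejected.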
