
Some notes from the panel discussion at SciFlix: The Imitation Game

08 Apr

During the panel discussion for The Imitation Game SciFlix event, panelist Dr. Hossein Saiedian presented some ideas on how to generate passwords that are not easy to guess and are complicated enough to foil a brute-force or dictionary attack.

capt.png

Image 1

 

He also listed some good practices and things to avoid. Because I don’t expect many attendees came armed with their notepads, I wanted to post some excerpts from that presentation.

By the way, can you identify the two photos in Images 1 and 2 and explain their relevance and origins?

 

Pencil.png

Image 2

 

Key/password selection

  • ‘Key’ to good encryption: a good password (or key)
  • Passwords (pass phrases) are used for encryption and authentication
  • Key to maintaining security, privacy, and preventing identity theft
  • Objective: avoiding guessable passwords while selecting passwords that are strong and memorable

 

Common recommendations

  • 12 characters or longer
  • A combination of lowercase and uppercase letters, digits and special symbols
  • Formed from characters from an obscure phrase
  • Easily remembered by you but difficult for others to guess
  • Monitor for possible eavesdroppers during password entry

Things to avoid

  • Reusing passwords
  • Recording (writing down) passwords
  • Using the same password on two or more systems/contexts

Bad password practices facilitate two common password vulnerabilities: dictionary attacks and social engineering

Spicer.png
Posting passwords to Twitter accounts with 1.7M followers

Some short phrase ideas

  • Phrase association: Icw82Cmd!

    I can’t wait to see my dog!

  • Letter/number combination: Mocbd=0520

    My older child’s birthday = May 20

  • Letter/number sequence association, especially when you are requested to change your password at intervals: 89-93GhwB(41)

    Pres from 89-93: George Herbert Walker Bush (41st)
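The recommendations and sample phrases above can be checked mechanically. The following Python sketch is an added example, not part of Dr. Saiedian's presentation; the function name `audit`, the tiny wordlist (constructed here) and the bits estimate (which assumes randomly chosen characters) are assumptions.

```python
import math
import string

MIN_LENGTH = 12  # "12 characters or longer" from the recommendations above

# Character classes named in the recommendations.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Constructed sample wordlist (assumption); a real check would use a large
# dictionary of common and previously breached passwords.
SAMPLE_WORDLIST = {"password", "letmein", "qwerty", "dragon", "sunshine"}


def audit(password, wordlist=SAMPLE_WORDLIST):
    """Return (problems, bits): recommendations missed and brute-force bits."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    pool = 0
    for name, chars in CLASSES.items():
        if any(c in chars for c in password):
            pool += len(chars)  # this class enlarges the brute-force alphabet
        else:
            problems.append(f"no {name}")
    # Dictionary check: keep only the letters, lowercased, so that
    # "Password123!" is still recognised as a dictionary word.
    core = "".join(c for c in password.lower() if c.isalpha())
    if core in wordlist:
        problems.append("dictionary word")
    # Upper bound on brute-force work. It only holds for randomly chosen
    # characters; a mnemonic is more predictable than this figure suggests.
    bits = len(password) * math.log2(pool) if pool else 0.0
    return problems, round(bits, 1)


if __name__ == "__main__":
    for pw in ["Icw82Cmd!", "Mocbd=0520", "89-93GhwB(41)", "Password123!"]:
        problems, bits = audit(pw)
        print(f"{pw:15} ~{bits:5.1f} bits  {problems or 'meets recommendations'}")
```

Run against the sample phrases, the first two come in at 9 and 10 characters, under the 12-character recommendation, while `Password123!` passes every length and composition rule and is flagged only by the dictionary check.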

 

Some Free Encryption Tools

Personally, I (Jack) have used Dashlane as a password manager and generator since its inception. I’m not certain what my panelists would think of this, but I invite them to post their opinion here.

 

If you don’t know the images identified above, go here to learn about Image 1. For Image 2, you may need to think a while. In the meantime…

Shall we play a game?

 

Posted by on April 8, 2017 in Uncategorized

 
