Wednesday, January 30, 2008

A Novel Way to Test Passwords

I ran across an interesting way to check the strength of your passwords this morning. Put them into Google and see how many matches you get. If you get fewer than 10 results, you have a strong password.

I'm not sure if this is insanely stupid or utterly brilliant. The more I think about it, the more I lean toward the brilliant end of the spectrum. If a password candidate only gets 10 hits on Google, the chances of it being in a password dictionary are probably low. The biggest danger I see is if you have search history enabled. That could give a local attacker an edge, but then again, to see the search they would have to be logged on as the victim already anyway. If you're using the Google toolbar, your searches are recorded and that's a risk, but in that context your password search is a grain of sand on a beach. You would have to have access to the Google system storing that data and you'd have to be able to develop search terms to find what you're looking for. A good place to start might be searches returning 10 items or fewer. I suspect that is still a large number of searches in absolute terms.

The biggest challenge I find in the security business is making security easy for non-security people. I could give these instructions to my Mom and she would understand them and would probably have a decent password at the end of the day. I'm still leaning towards brilliant on this one. Are there any other thoughts?

Tip 'o the Hat to the Sunbelt BLOG for this idea.
