Got a minute to spare?
Watch this week’s 60 Second Security…
In this episode:
• [0’05”] Microsoft joins the “security hole in HTTPS” club
• [0’27”] USPS breached, employee and customer data stolen
• [0’48”] Stratfor hacker used his cat’s name as a password
• [1’02”] How to pick a proper password
I’ve been amused by the Hammond story since it appeared. Twenty years ago at a meeting of computer techs meeting to work out how we were going to implement the Internet into our agencies, I jokingly said, “don’t use your cat’s name as your password,” and about half the people there laughed nervously. I assumed I was not the only one who had done that.
Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords. We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.
At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.