Quick, think of a word that describes a combination of letters and numbers that can be used to log in to your system...
What came to mind? Was it "password"?
One of the greatest problems in our industry may be the use of the word "password." The origination and proliferation of this word has led us to believe that we must construct this security device using such things as words rather than by some other means.
If you really think about it, the paradigm of a passphrase is better in almost every way. After all, many common passwords can be rapidly and effortlessly cracked with a simple dictionary. If we simply take the first letter of each word of a phrase and modify them slightly, we have exponentially increased the difficulty of breaking that passphrase.
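The comparison above can be checked with a short script. This is an added example, not code from the original post: the wordlist and substitution table are constructed assumptions, the function names are hypothetical, and the sample phrase is the Aristotle line quoted in this post.

```python
import math
import string

# Constructed stand-in for a cracking dictionary (real ones hold millions).
DICTIONARY = {"password", "dragon", "sunshine", "letmein", "monkey"}
# Hypothetical table for the "modify them slightly" step.
SUBSTITUTIONS = {"a": "@", "i": "1", "o": "0", "s": "$", "t": "7"}
UNDO = {sym: letter for letter, sym in SUBSTITUTIONS.items()}


def derive_from_phrase(phrase):
    """Take the first letter of each word, then apply the substitutions."""
    words = (w.strip(string.punctuation) for w in phrase.split())
    initials = (w[0] for w in words if w)
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in initials)


def in_dictionary(candidate):
    """True if the candidate is a dictionary word once case and the
    common symbol substitutions are undone, as a wordlist check would."""
    plain = "".join(UNDO.get(ch, ch) for ch in candidate.lower())
    return plain in DICTIONARY


def search_space_bits(candidate):
    """Brute-force upper bound: length * log2(size of character pool).
    Meaningless for a candidate that in_dictionary() already matches."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in candidate))
    return len(candidate) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    phrase = ("We are what we repeatedly do. Excellence, then, "
              "is not an act but a habit")
    for cand in ("password", "P@$$w0rd", derive_from_phrase(phrase)):
        print(f"{cand!r}: dictionary={in_dictionary(cand)}, "
              f"bits<={search_space_bits(cand):.1f}")
```

A dictionary word dressed up with symbols still falls to the wordlist check, while the phrase-derived string does not and is nearly twice as long.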
Having said this, let's talk for a moment about how the words we say and what we do affect our thinking. Aristotle said this: "Excellence is an art won by training and habituation. We do not act rightly because we have virtue or excellence, but we rather have those because we have acted rightly. We are what we repeatedly do. Excellence, then, is not an act but a habit."
Whether you look for positive or negative occurrences of this, you don't have to look far to find practical examples of how it manifests itself. Self-realizations, self-fulfilling prophecies, and liars who believe what they have repeated so many times all attest to this. We have seen that passphrases are without question more secure. So, why should we not reinforce this truth by using the appropriate term in our speech and login interfaces?
Stay Secure!