Tuesday, September 19, 2006

Strongest Passwords...

Passwords are nowadays becoming the key security issue for a lot of organizations and people alike. For this, a number of organizations have what they call a “Password Policy”. This is what Wikipedia has to say about password policy:

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.

We think this is enough for now. Intricate details on password policy can be found here.

As per the above definition, a good password policy is one that is supposed to encourage the use of strong passwords rather than weak passwords. And like duffers we always thought passwords were star rated rather than strong or weak. We always type passwords in ‘*’, no? So passwords for us were more like restaurants and hotels than anything else (blame our education for that). But anyway, on further introspection we found the definition of strong and weak passwords here.

For the benefit of all lethargic people like us, who didn’t click on the above link, a Weak Password is one that has every chance of being guessed / hacked by either a person or a program, and a Strong Password is one that is difficult for a person or a program to guess / hack. So all passwords that have your name or DOB, or blank passwords, are examples of weak passwords, and passwords with a combination of alphabets, characters and symbols are supposed to be examples of strong passwords.

But regardless of whatever password policy may exist in the organization, there is always an urgent requirement to share/reveal passwords to another person. And yes, it is of utmost importance for you to take down somebody’s password to do their work or to access something that you don’t have access to. Similarly it is a matter of life and death for you to reveal your password to someone else so that they can mark you present when you are having the time of your life giving an interview in another organization. So there… we have dealt with the confidentiality of passwords and also the human urge to break that confidentiality for his/her own purpose.

Now after all that lamba chauda bhaashan (long wide lecture) on strong & weak passwords we have come up with the concept of something called the “Strongest Password”, yup, that too of the superlative degree. According to us, “A Strongest Password is one that a person cannot guess even after it has been revealed... verbally or in writing.”

In case you are highly surprised or think that we have lost it or both, please read the above statement again and we will explain to you what we meant. We very clearly and lucidly meant that a password is strongest when it can still not be guessed in spite of the fact that the password was openly revealed. And you may ask how that is possible. Let us use some conversations to substantiate this point. All the conversations are between two employees within the same organization. (Obviously naa… what’s the point if you give your password out to some other person outside the organization and nothing can be done about it…)

Case 1:

E1: Hey buddy, my ID has got locked… will you give me your pwd… I need to log in
E2: NahiBatayega ("won't tell"; yup, that is the password)
E1: Come on buddy, pliss tell me
E2: I said NahiBatayega, didn't I
E1: You really are a complete @#@$#@#@… I will ask E3…. Hmpf

Case 2:

E1: E2, buddy, I am going to be late… log in to HRMS for me, plissss…
E2: Okay… I'll do it… just tell me the password…
E1: TereBaapKoPuch ("ask your father"; yup… strongest password)
E2: You… @#@$@$@... @#@#@#@... you go ask your father…

Other examples of strongest passwords include “ChalBhag”, “BolaNaaTereko”, “IWillNotReveal” (for the engliss audience… however Hindi will always score much higher in our books), “JaaNaaYaar”, “DimaagMatKhaa”, “ChupKar” and zillions of other possible words.

We mean, how much safer can passwords get? You stand in between all the cubicles with your arms spread out (à la DiCaprio from Titanic) and yell your password among all the people at the highest possible decibel, and still no one would have the slightest clue about your password (except if they have already read this post and use it as future reference)… Go ahead… break all barriers of security… have fun

adios

PS1: Passwords should not contain spaces. That is one basic requirement. So none of the above strongest passwords have any spaces… just in case you wanted to know.

PS2: These were real-life passwords set by us, ralphie and mundra. And yes, please do not try the above-stated passwords on any of our accounts that you know of… They won't work…



15 comments:

fleiger said...

Sirji, instead of negative sounding passwords, can we use the ones like "LageRahoBeta", "HoJayega", "KyaBaatHai", "KeepItUpMan" etc...

E1: Hey buddy, my account has got locked... Give me your password...
E2: LageRahoBeta / KyaBaatHai / KeepItUpMan...

silverine said...

LOL :))

I had also written about passwords a long time ago!

Really woriginal ideas here :))

SCRIBBLEZ TO WAKEUP said...

Director saaaab... It's good... U n your idea generation is simply honoured by us!!! Dimaag mat kha and math pakana shall be in my list ok?? :)

Kautilya said...

The all time strongest pwd!
F*** You!

Warning : I yam naat rezpongible faar all n yany congequengej!

E1 : Hey boss, just give me your pwd...
Me : TeraBaapKaMaalHaiKya!

besides.. pwd will be strongest if it's filled with swear words!

iyer education said...

@fleiger, very optimistic you are i say... i likes it... ur blood group is 'B Positive' by any chaanas?

@silverine, you rock lady... hilarious post on password... and now i guess you can take some poor cues from me on your password formation :)

@scribz, shall i try and login to your account using 'dimaagmatkha' or 'matpakana'... shall i try?

@kautilya, bang on brother... swearing increases the strength of the password exponentially... u should be awarded nobel prize for this invention ;)

Anonymous said...

Oh, close... I giveth to all, receiveth from some...

Tanushree said...

hi Iyer,
my password will be
"terekomallumtohaiyaar"...

the shiva said...

hey neat blog man!..

ive blogrolled u...hope thats ok..

venus said...

I, Iyer, Iyest!

shayer e ullusthan!

moi first timer @ iyer education, first assignments submitted!

ROFL :D

will keep visiting.

Kusum Rohra said...

LOL!!! I think the strongestest ( Yes thats a word) password will be:


iyerpaagalkahinka :)

Akshay said...

how abt this..
batauKya?

It has alpha numeric chars and a ? to make it still more tough!

Had this idea: In Economic Times today, there is an article on Cross Cultural companies reaping money training MNC managers about India... I think Iyerospace should definitely diversify into this sector too... :)

iyer education said...

@fleiger, OH... thats your blood group haan...

@tanushree, that is also a strongest password... now give me your ID to test it...

@the shiva, its alright with me... make sure your reputation is alright at the end of the day :)

@venus, thengew vairy much, keep coming back :)

@kusum, that's not a password... that's what we call as BLATANT TRUTH... :P

@akshay, fantastic idea about the password... it is, as kusum put, strongestest... and educating managers... i likes the idea... but do you plan on india becoming a backward economy all over again with that kind of a proposition?

Anonymous said...

Oh yes, sirji...

Akshay said...

actually, what i meant was not in a derogatory way..

there is a lot of hype about the cross cultural adaptability programs in the IT companies, where they teach you stuff like using forks and knives..

how about Iyerospace doing stuff on "eating idly with one hand?" or "dosa with sambar, without getting hands wet!" ..

Anonymous said...

Pw:EnnaEzhavo

Err... Computer would understand Tamil pw, right ?!!