Friday, October 5, 2012

Online passwords: keep it complicated

By now you probably have about 20 different passwords that you have trouble remembering. There must be an easier way. How can you keep a step ahead of the hackers, and stay sane?

Let me venture a guess: the system of passwords you use on the internet, to get into online banking, e-mail, shopping sites, Twitter and Facebook accounts, is a disaster. You know what you ought to do: for every site you visit, choose a different, complex sequence of letters, numbers and symbols, and then memorise it. (Rule number one of the conventional wisdom about passwords: never, ever write them down.) But you don't, because you weren't blessed with a brain capable of such prowess. So instead you use the same familiar words for every site, the name of your dog, the name of your street, perhaps with a few half-hearted permutations, such as adding "123" to the end. Or maybe you try to follow the rules, in which case you are probably forever locked out of your bank account, or trying to remember the answers to several absurd security questions. ("What was your favourite sport as a child?" Now I wonder; my real favourite sport was finding ways to dodge PE. The iTunes store requires users to name their "least favourite car".) And it gets worse: these days you are forced to choose passwords with upper- and lower-case letters, and what normal human being can remember multiple combinations like that? Not you, that's for sure.

One reason not to feel too guilty about your behaviour is that bad password habits seem to be almost universal. Last month, an analysis of leaked PIN numbers revealed that about one in 10 of us use "1234", and a recent security breach at Yahoo revealed that thousands of users' passwords were "password", "welcome", "123456" or "ninja". People choose terrible passwords even when there is more at stake than their savings: it is well known among military security specialists that, at the height of the Cold War, the "secret unlock code" for US nuclear missiles was 00000000. Five years ago, the BBC revealed that, until 1997, British nuclear missiles were armed by turning a key in what was essentially an ordinary lock. To decide whether the bomb would explode in the air or on the ground, a switch was turned with an Ikea-style Allen key. No access codes at all. Speed of retaliation if attacked by the enemy was what mattered, after all.

The sad state of our passwords is the result of an arms race between hackers and the "white hat" security testers who try to stay ahead of them. But when you talk to some of the people most deeply involved, it quickly becomes apparent that the conventional wisdom is wrong. For example: writing your passwords down can be a perfectly good plan. Employers who insist that staff change their passwords every 90 days are unlikely to improve security, and may make things worse. The same goes for some of the password rules your bank insists on: no more than 12 characters, no spaces, and so on. Behind all of this is the truth that passwords, as a method of keeping our private data secure on the internet, are fundamentally broken. When I asked the veteran security researcher Bill Cheswick whether there was a way to solve the problem once and for all, he thought for a moment, then suggested: "Burn your computer and go to the beach." But although the system may be in chaos, there are things you can do to stay safe and sane, even if I don't necessarily agree with all of them.

Password hacking takes many different forms, but one important thing to understand is that it is often not a matter of diabolical cunning at all, but of sheer brute force. Take, for example, a hacker who sneaks into a company's servers and steals a file containing a few million passwords. These will (hopefully) have been hashed (loosely, "encrypted"), so that if your password is "hello", which of course it shouldn't be, it may be stored in the file as something like "$1$r6T8SUB9$Qxe41FJyF/3gkPIuvKOQ90." You cannot simply decipher that gibberish back into the password, provided a one-way form of encryption was used. What you can do, however, is feed millions of guesses at your password through the same algorithm until one of them (bingo!) produces a matching string of gibberish. Then you know you have found a password. (An additional technique called "salting" makes this type of bulk attack impossible, but it is not known how many companies actually use it.)
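The leaked-file attack and the effect of salting, as an added example that is not part of the original article: the user list, the guess list and the sha256 hashing are constructed for illustration, and the comments say what real systems should use instead.

```python
import hashlib
import os

# Constructed sample: three users who chose the same weak password, one who did not.
USERS = {"alice": "hello", "bob": "hello", "carol": "hello", "dave": "Tq8#vL2pZw"}

# Constructed guess list, the kind of thing fed through the hash function in bulk.
COMMON_GUESSES = ["123456", "password", "welcome", "ninja", "hello"]


def hash_unsalted(password: str) -> str:
    """Same password, same hash, for every user who picked it."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """A random per-user salt is mixed in first, so equal passwords hash differently.
    sha256 is used here only to show the salt's effect; stored passwords should use a
    deliberately slow salted scheme such as bcrypt, scrypt or Argon2."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_unsalted(users: dict) -> dict:
    return {name: hash_unsalted(pw) for name, pw in users.items()}


def store_salted(users: dict) -> dict:
    stored = {}
    for name, pw in users.items():
        salt = os.urandom(16)          # fresh salt per user, kept next to the hash
        stored[name] = (salt, hash_salted(pw, salt))
    return stored


def recover_from_unsalted_leak(stored: dict, guesses: list) -> dict:
    """One table of hashed guesses is enough to match every user at once."""
    table = {hash_unsalted(g): g for g in guesses}
    return {name: table[h] for name, h in stored.items() if h in table}


def recover_from_salted_leak(stored: dict, guesses: list) -> dict:
    """The same precomputed table matches nothing: each hash carries a different
    salt, so the work would have to be redone separately for every single user."""
    table = {hash_unsalted(g): g for g in guesses}
    return {name: table[h] for name, (_salt, h) in stored.items() if h in table}


def guesses_needed(user_count: int, guess_count: int, salted: bool) -> int:
    """Hash operations to try every guess against every user in the leaked file."""
    return guess_count * user_count if salted else guess_count
```

With the unsalted file, one hash of "hello" exposes alice, bob and carol together; with salts, the three "hello" entries are all different and the shared table finds none of them.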

This is why password length makes such an incredible difference. For a hacker with the computing power to make 1,000 guesses per second, a five-letter, purely random, all-lower-case password such as "fpqzy" would take three and three-quarter hours to crack. Increase the number of characters to 20, however, and the cracking time increases just a bit: to 6500000000000000 centuries.

Then there is the issue of predictability. Nobody really chooses passwords that are truly random sequences of letters and numbers; they follow rules, such as using actual words and replacing the letter O with a zero, or using a name followed by a year. Hackers know this, so their software can build those rules into the guesses it generates, which dramatically reduces the time it takes to find a hit. And every time there is a new leak of millions of passwords, as happened with Gawker in 2010 and LinkedIn and Yahoo this year, it adds to a large body of knowledge about how people create passwords, which makes things easier still. If you think you have come up with a clever system for generating passwords, it is likely that hackers are already familiar with it.

The ideal password, then, would be a long string of completely random letters, numbers, spaces and symbols, but you would never remember it. However, because length matters so much, the really surprising thing is that a long enough string of random English words, all in lower case, for example "bird woke cane wheels", is actually far safer than a short password that follows your bank's annoying rules, such as "M@nch3st3r". And it is easier to remember: you have probably already formed a memorable image of some noisy bird waking up to cane wheels rolling along the river, right? As the popular cartoon xkcd put it last year, with a connoisseur's precision: "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess."
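The arithmetic behind the length, predictability and passphrase points above, as an added example rather than the article's own calculation. It counts the full 26^5 keyspace for "fpqzy" (a little under the article's three and three-quarter hours), assumes an attacker word list of 100,000 English words and a 7,776-word list for the passphrase, and treats "M@nch3st3r" as "manchester" with four substitutable letters and an optional capital; all of those sizes are assumptions.

```python
GUESSES_PER_SECOND = 1_000               # attacker speed assumed in the article
SECONDS_PER_HOUR = 3_600
SECONDS_PER_YEAR = 365.25 * 24 * SECONDS_PER_HOUR
SECONDS_PER_CENTURY = 100 * SECONDS_PER_YEAR


def random_keyspace(alphabet_size: int, length: int) -> int:
    """Guesses needed to try every string of this length over the alphabet."""
    return alphabet_size ** length


def passphrase_keyspace(dictionary_size: int, word_count: int) -> int:
    """Guesses when the attacker knows the words come from a list of this size."""
    return dictionary_size ** word_count


def rule_based_keyspace(dictionary_size: int, substitutable: int, case_variants: int = 2) -> int:
    """Guesses for a dictionary word mangled by the usual rules (a->@, e->3, o->0,
    s->$, optional capital). Each word, each on/off choice per substitutable letter
    and each case variant: tiny next to the naive count for a string of that length."""
    return dictionary_size * 2 ** substitutable * case_variants


def crack_time_seconds(keyspace: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return keyspace / rate


def compare() -> dict:
    """Worst-case exhaustive-search times for the article's examples.
    Assumed list sizes: 100,000 words for the attacker, 7,776 for the passphrase."""
    fpqzy_hours = crack_time_seconds(random_keyspace(26, 5)) / SECONDS_PER_HOUR
    twenty_centuries = crack_time_seconds(random_keyspace(26, 20)) / SECONDS_PER_CENTURY
    # "M@nch3st3r" looks like a 10-character password over ~95 printable symbols...
    naive_centuries = crack_time_seconds(random_keyspace(95, 10)) / SECONDS_PER_CENTURY
    # ...but it is "manchester" with a, e, s, e substitutable and one capital letter.
    mangled_hours = crack_time_seconds(rule_based_keyspace(100_000, 4)) / SECONDS_PER_HOUR
    # "bird woke cane wheels": four lower-case words drawn from a 7,776-word list.
    phrase_years = crack_time_seconds(passphrase_keyspace(7_776, 4)) / SECONDS_PER_YEAR
    return {
        "fpqzy_hours": fpqzy_hours,
        "twenty_lowercase_centuries": twenty_centuries,
        "M@nch3st3r_naive_centuries": naive_centuries,
        "M@nch3st3r_rule_based_hours": mangled_hours,
        "bird_woke_cane_wheels_years": phrase_years,
    }
```

The mangled bank-style password falls in under an hour once the attacker applies the substitution rules, while the four plain words hold out for over a hundred thousand years at the same guess rate.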

When I put this argument to Neil Aitken, a spokesman for the UK Payments Council, which oversees, among other things, the interbank transfer system, he did a very good job of keeping his composure. The problem, he explained, is that the laws on fraud place certain responsibilities on bank customers. If someone withdraws money from your account, you will find it harder to recover if you are judged to have been "grossly negligent" in protecting your passwords. "You can have the hardest password in the world to guess, but if you tell someone what it is, you're burned." The Council urges UK consumers never to write down or share their passwords.

Both sides are right. This is the problem with security: it is always a question of trade-offs. More convenience means less security; more protection against remote attacks means less protection against a prying roommate. Would you rather run a slightly higher (but hard to quantify) risk of losing your money, or condemn yourself to years of password misery? It is a question almost as baffling as "What is your least favourite car?"

Bill Cheswick, "Ches" to his friends, is far from alone in believing that we are, as a society, descending into password chaos. What makes him unusual is that he is willing to accept some of the blame. In 1994, as a member of Bell Labs, the fabled research division of AT&T, he co-authored a book with the evocative title Firewalls and Internet Security: Repelling the Wily Hacker. (He also coined the term "proxy server", which in internet circles makes him something of a minor deity.) That book helped lay the foundations of modern online security. But now, he says, as we meet in a Manhattan coffee bar, passwords have become "a pain in the ass. Who can keep track of all these things?" This is a subject on which Cheswick, a man of voluble enthusiasm at the best of times anyway, comes alive, as people at other tables start to look up from their laptops. "And all these rules! You should mix symbols, numbers, cases, ..."
