Judith Proctor ([personal profile] watervole) wrote 2013-09-17 01:49 pm

passwords

My business bank have asked me to set up a new password. It must be all numbers and ten digits long and, I quote, "it must be memorable".

Right...

Apart from pi, and your mobile number, both of which are bloody obvious to any hacker, how many 'memorable' ten digit numbers do you know?

I can do memorable letter sequences, but my brain isn't oriented to remember numbers.

[identity profile] watervole.livejournal.com 2013-09-18 08:15 am (UTC)
But that also hits the 'write it down' problem. Though it is a bit better as long as I can have mostly letters.

When allowed a mixture of my own choosing, I can do better. I can find mnemonics - did that recently for Funding Circle - I have a password that is a mixture, but I think would be very difficult for anyone else to guess, but is still memorable for me.

[identity profile] luckykaa.livejournal.com 2013-09-18 09:05 am (UTC)
Sorry. I need to explain my meaning a bit more clearly. It was a comment on password strength.

6 characters will be rejected by most password systems as insecure. This will take 6 times as many guesses for a computer as a 10-digit number. At 1000 guesses a second, this will be guessed in a few months. Of course the bank's systems will detect this sort of attack, and block it, but they shouldn't really rely on this.

This xkcd strip illustrates the problem: http://xkcd.com/936/