Passwords for Scientists
March 30, 2007 · by David Bradley
Remembering complicated, hopefully strong, passwords is a pain. Writing them down or keeping them in some kind of file defeats the object, especially if you work in an open-plan office or don't password-protect said file. The best passwords are usually a mixture of letters, numbers and symbols, something science is very good at.
If you are a mathematician, an engineer or a chemist, for instance, you should be able to take that thought to its logical conclusion. You could use the formula for working out the Fibonacci sequence, for example, or the acceleration due to an applied force; chemists have millions of linear chemical formulae to work from. Just pick a compound. Taxol, the anticancer drug, has the molecular formula C47H51NO14. For extra security you could reverse it or skip the first and last letters; doing both gives you 41N15H74. That would make a fairly strong password; all you have to do is make sure you remember your chosen compound and the algorithm you used to modify it.
Check out www.ChemSpider.com for more: you could choose from some ten million compounds there. Of course, you don't have to be a chemist to use this technique.
Incidentally, before any crackers try a brute-force attack on this site using that database of 10m compounds, remember two things: (a) ChemSpider is not the only database, there is CAS, PubChem, ChEBI and dozens of others, and (b) we don't really use this technique here.
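As an added illustration (not code from the original post): the recipe described above applied to the Taxol formula, alongside two strength estimates, the character-level figure a generic strength meter would report and the search space faced by someone who knows the recipe. The ten-million compound count is from the post; the four transform variants (unchanged, reversed, ends dropped, both) are an assumption.

```python
import math


def scientist_password(formula: str, drop_ends: bool = True, reverse: bool = True) -> str:
    """Apply the post's recipe to a molecular formula.

    drop_ends removes the first and last letters (element symbols) and keeps
    every digit; reverse then flips what remains.
    C47H51NO14 -> 47H51N14 -> 41N15H74, the post's own worked example.
    """
    chars = list(formula)
    if drop_ends:
        letter_positions = [i for i, c in enumerate(chars) if c.isalpha()]
        if len(letter_positions) >= 2:
            # delete the later index first so the earlier one stays valid
            for i in sorted({letter_positions[0], letter_positions[-1]}, reverse=True):
                del chars[i]
    result = "".join(chars)
    return result[::-1] if reverse else result


def naive_bits(password: str) -> float:
    """Character-level estimate: length * log2(alphabet size), which is what a
    strength meter that knows nothing about the recipe would compute."""
    if not password:
        return 0.0
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33  # printable ASCII punctuation
    return len(password) * math.log2(alphabet)


def effective_bits(num_compounds: int, num_transforms: int) -> float:
    """Search space when the recipe is known: one guess per (compound, transform)
    pair, however long the formula itself is."""
    return math.log2(num_compounds * num_transforms)


if __name__ == "__main__":
    pw = scientist_password("C47H51NO14")
    print(pw)  # 41N15H74
    # ~10 million compounds (from the post) x 4 assumed transform variants
    print(f"naive estimate: {naive_bits(pw):.1f} bits")  # ~41.4
    print(f"recipe known:   {effective_bits(10_000_000, 4):.1f} bits")  # ~25.3
```

The gap between the two figures is the point raised in the comments below: a password drawn from a public catalogue plus a small set of fixed transforms is only as strong as the size of that catalogue, not its character length.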
27 comments so far ↓
Markku // Apr 6, 2007 at 6:05 pm
Haha, being a chemical engineer myself, using this type of password wouldn't be such a bad idea.
David Bradley // Apr 6, 2007 at 7:34 pm
Perfect for chemists and chemical engineers alike, I hope, but astronomers could use galaxy and star catalogue numbers without fear of forgetting their password too, particle physicists could use the initial letters of the terms in their QCD equations, molecular biologists could use gene sequences or peptides etc etc… I think we're on to something here… infinite uncrackable passwords…. but only for STM staff!
Tara (PassPack) // Apr 22, 2007 at 11:27 am
Hello,
This is a nice method for choosing a password, but to be very strong it should contain spaces and punctuation (this is called a passphrase). For example, instead of using “C47H51NO14” as the password, use “C47H51NO14 fights cancer.”
But here’s what I see happening: You make two or three of these strong(ish) passwords based on compounds that you readily remember and some variations based on a specific site’s requirements/restrictions.
Problem 1: Now you need to login into a site, and you need to remember which pass and variation you used. Start guessing…
Problem 2: You log into a website (ex. a forum) that doesn’t use HTTPS. Your password, no matter how strong it is, can be captured while it travels over the internet unprotected, and all other accounts where you’ve used that same password can be compromised… no skin off a hacker’s back to have his automated bots plug it into various banks and shopping sites to see if it works.
Regardless of how strong they are, reusing passwords is dangerous - and not reusing them requires more memory than the average person has. I suggest using a password manager, then setting your master password to something very strong like “C47H51NO14 fights cancer.” Then you store unique, strong, nonsense passwords in the password manager - no need to memorize them, just look them up.
Thanks for commenting in the PassPack blog. I’ll point a link to this reply there too so that others can benefit from the conversation.
Cheers,
Tara Kelly
Founding Partner
PassPack Online Password Manager
http://www.passpack.com
David Bradley // Apr 22, 2007 at 8:11 pm
That’s fair comment Tara. I did realize there were potentially problems with my scientific approach to passwords, but there are so many trivial sites one might want to login to too that a simple single word password is still pretty useful, but point taken on pass phrases and password managers.
Tara (PassPack) // Apr 22, 2007 at 11:46 pm
@David,
Sorry, did I come off preaching? Wasn’t my intention, I just tend to be wordy.
Cheers,
Tara
Choosing Passwords: Long is Strong « PassPack - The Blog // Jun 5, 2007 at 12:36 am
[…] of the more ingenious ideas I’ve come across is David Bradley’s Passwords for Scientists where he proposes using the molecular formula for various […]
Martin Wright // Jun 14, 2007 at 10:15 pm
I think this is a fantastic idea. Don’t be surprised if you see a similar idea at PassPub.com.
David Bradley // Jun 15, 2007 at 7:31 am
I’ll watch out for your version Martin. Don’t forget to give us a namecheck. Chemspider.com now has 14,700,000 entries, so there are plenty of chemicals to choose from.
d
Pam // Jun 15, 2007 at 2:59 pm
A lot of people write their passwords down or save them in a file on their computer, most people never change their passwords, and some people use the same password for everything, including their banking. A bunch of chemical passwords seems a great and simple way to get around the problem, but those people who do the above probably won’t know about looking up chemical formulas.
Antony Williams // Jun 17, 2007 at 1:41 am
David, ChemSpider already has a few million new structures ready to add to the database and they will likely be moved over onto the production database sometime in the next couple of weeks. We are hoping to hit 20 million unique compounds by the end of this year… anyone out there that has any compounds, SDF files or access to structure databases that they would like to see made public, please contact us at feedback@chemspider.com !
Martin Wright // Jun 28, 2007 at 10:53 pm
I’ve now created the Chemical Elements password at https://www.passpub.com/element.php It creates random elements, as using a list of 14 million was too much of a challenge! But the basic principle is there. Please get in touch with any comments.
Thanks
Martin
David Bradley // Jun 29, 2007 at 7:36 am
Interesting thought Martin, nicely implemented, but your method misses the point by simply stringing together random element symbols and numbers that will be just as hard to remember as any other random string.
My concept is to use a real compound, Viagra or Rohypnol say, look up its chemical formula and use that as the password. For extra protection one could reverse the formula or make some other standard modification that only you would know. All one needs to remember is the compound name and that standard change.
How would anyone remember “Co9Pm4La9”? It’s just random elements and random numbers; there is no “cobalt promethium lanthanum” alloy as far as I know.
David Bradley // Jul 2, 2007 at 8:52 am
Martin at Passpub emailed me to say he’d have a harder time memorizing “cobalt promethium lanthanum” than “Co9Pm4La9”, which has pairs of letters interceded by a single digit.
Martin, yours is a nice implementation, but it’s just not as viable as my idea for making an easy to remember password.
Co9Pm4La9 doesn’t exist, and what would it be called anyway? You’ve essentially got a random string, but there’s no mnemonic.
In contrast, you can think of a compound name and simply look up its formula. The formulae for Taxol, aspirin, Viagra etc etc are readily available and unchanging.
My idea allows one to think of a compound and then get hold of what is essentially a pseudorandom string based on that name. Easy to remember the compound - aspirin, viagra, taxol, etc etc. In contrast, there is no chemical meaning to the random elements and numbers in your version. Actually, it would be easier to remember “cobalt promethium lanthanum” (which is not a real material anyway) than Co9Pm4La9. In fact if I were trying to memorize your password, I’d remember the element names and the number 949, rather than trying to recall CO-9-PM-4-LA-9 and then recalling that they’re elements and making the second letter lower case.
I did say my technique was for scientists, didn’t I?
Tara (PassPack) // Jul 3, 2007 at 9:00 am
Hi all - while Martin seems to be a nice guy - he’s not at PassPack… he’s at PassPUB.
Cheers,
Tara
PassPack Founding Partner
David Bradley // Jul 3, 2007 at 9:36 am
Whoops, sorry about that Tara. Edited my comment now.
db
Martin Wright // Jul 3, 2007 at 9:42 pm
I maintain that the chemical elements provide a useful pattern for remembering a password but accept that for a particular audience it would be feasible to provide actual compounds for people to use.
P.s. if you wanted a mnemonic password you would use https://www.passpub.com/mnemonic.php!
David Bradley // Jul 3, 2007 at 9:50 pm
Yeah, you’re probably right, but for a non-scientific audience there probably are better mnemonics than elements and compounds anyway
db
Ronda // Aug 9, 2007 at 7:25 am
I like the way you get scared in the last paragraph
But it would be impossible!
This is an excellent idea. Thank you for sharing!
Michael Griffey // Jan 22, 2008 at 10:34 pm
Not long ago, a fellow programmer suggested the use of keyword combinations to make up a password. Like (If(x=4)Then{DoSomethingCool;}). That would be hard to crack with a human brain. Like your idea of complex formulas this is a poor idea.
I don’t know anyone who tries to crack passwords with a human brain. Modern crackers use things like keywords, dictionaries, and complex algorithms. If a hacker were to attack a bank, it would be wise to check banker terminology first to find the passwords of bank employees. You give a higher ranking to words, formulas, and thoughts known to the user. If you are not a programmer, then “System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile”, or “While(x<=24)y(x)=x*8EndWhile” would constitute highly secure passwords. We have to constantly evolve our way of thinking. If I could link your username on this site to you, the first thing I would try is the method you openly endorse. You limit your calculation to 64 alpha characters and 10 numeric characters, making your passwords easier to crack. If I were to ever attempt to crack a password, I would use dictionaries that relate to the field of study of the user first. Password length far surpasses complexity. Food for thought.
David Bradley // Jan 23, 2008 at 8:05 am
Michael, first off, I don’t actually use this method.
More to the point though, I didn’t limit the users of my approach to a particular string length, and there are some very, very, very long chemical formulae out there. Take an obscure protein, cut it hypothetically into a medium-sized peptide, lop off the ends, and you’d still have a password of many characters that would not be found in any dictionary. Knowing the field in which someone works might be fine for trying to hack a plumber’s website or that of a garage mechanic, but a protein chemist’s dictionary is not going to be quite so apparent.
db
David Bradley // Jan 23, 2008 at 8:08 am
Michael, first off, I don’t actually use this method.
More to the point though, this approach does not limit the password to a particular string length, and there are some very, very, very long chemical formulae out there. Take an obscure protein: you’d only have to cleave it hypothetically into a medium-sized peptide and you could have a 31-character password that would be found in no dictionary.
Knowing the field in which someone works might be fine for trying to hack a plumber’s website or that of a garage mechanic, but a protein chemist’s dictionary is not going to be quite so obvious.
db
ladnaan // Feb 21, 2008 at 6:07 am
I forgot my password, please help me
David Bradley // Feb 21, 2008 at 7:28 am
For what did you forget your password Ladnaan, hotmail? There’s a password reminder system for hotmail, give it a try. But, if you hadn’t registered a secondary address and cannot remember your password reminder you may be stuck.
db
Kin // Mar 11, 2008 at 7:45 pm
Here’s a point why fake elements might work too. If you’re bad at numbers you can try something like
dicobolt triphosphate
Co2(SO4)3
Now, I’m not checking if that works or anything, but at least for me I can’t remember symbols and really only manage with uppercase letters and numbers. On the other hand, a phrase like dicobolt triphosphate is not so hard.
David Bradley // Mar 11, 2008 at 10:49 pm
Interesting point Kin, did you mean to write sulfate, however?
db
Kin // Mar 12, 2008 at 12:39 am
Whoops! Sure did. Well, actually, I meant to write PO4. But either way, I wrote wrong.
On another note, you can work this method into stages of security.
Again, not the best example, but:
dicobolt (Co2) for your unimportant sites that still require a password, and dicobolt triphosphate for more secure sites.
Like currently I have a basic password with a few number variations (three ones, or one three before and after the phrase, e.g.) on my basic websites. The stages stop an automatic everything-lost scenario if your password is taken.
David Bradley // Mar 12, 2008 at 8:14 am
Your numbers idea is basically the same as my adduct to the passwords for scientists idea. As others have said, the more complicated the obfuscating mental algorithm you apply to your password, the less chance there is of it being guessed or brute-force attacked, but also the harder it is to remember.
db