Password Sanity

January 21st 2008

When I was doing research for my book Authentication a few years back, I came to realize just how crazy password management has become. The rule comes down to this:

The password must be impossible to remember and never written down.

This is, of course, ridiculous. The ideal password has to be both memorable and hard to guess. Ideally, it should also be hard to crack, which means that it takes even a computer a really long time to guess it.

I wrote up some comments about this in a part of my web site called The Center for Password Sanity.

The main observations and recommendations appear in these articles:

Here are some of the older articles from there:

I also have an old page with a very short list of some “famous passwords” that seemed worth preserving.
