Tuesday, 29 November 2011

correcthorsebatterystaple

We are using xkcd/936 passwords for things like default wifi passwords on routers.

Yes, I can say that! Even the worst-case scenario, where you know how we make passwords and you even know the word list, still provides good security. If you don't agree, read more on the xkcd forum. If you don't know the word list, it is even better security, and plenty good enough for a wifi password.

Even though we did take out the more obvious four letter words, the system seems to have a surprising knack of creating interesting passwords. The latest was a router for an office which happens to be full of women, and fortunately the dealer spotted the slight problem before it was installed. The password included the words captiveclitoris. It was felt this may possibly cause offence!

In our defence, it is just a couple of standard word lists and a true random number generator, and customers can set their own passwords, or ask the system to make a new random one.

Even so, that word has now been removed from the list. Sorry about that.

P.S. turns out the other password for the same customer was saucyhen. You can't make this stuff up you know.
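The scheme the post describes (word lists, a blocklist, random selection) and its worst-case strength, sketched as an added example that is not the system's actual code. The sample list, the blocked term and all function names are constructed for illustration, and Python's OS-backed `secrets.SystemRandom` stands in for the true random number generator mentioned above.

```python
import math
import secrets

# Constructed sample data; a deployed list would hold thousands of words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "saucy", "hen",
                "router", "office", "dam", "nation", "damn", "Horse"]
SAMPLE_BLOCKED = ["damn"]  # constructed example of a term to keep out


def usable_words(words, blocked):
    """De-duplicate the list and drop any word containing a blocked term."""
    seen, kept = set(), []
    for w in (w.strip().lower() for w in words):
        if w and w not in seen and not any(b in w for b in blocked):
            seen.add(w)
            kept.append(w)
    return kept


def worst_case_bits(list_size, word_count):
    """Entropy when the attacker knows the method and the exact list.

    Exact for uniform independent draws; the redraw step in pick_words
    removes a few combinations, so the real figure is marginally lower.
    """
    return word_count * math.log2(list_size)


def pick_words(words, word_count, blocked, max_tries=100):
    """Draw words uniformly; redraw if a blocked term forms across a join."""
    rng = secrets.SystemRandom()  # OS CSPRNG, assumed stand-in for a hardware RNG
    for _ in range(max_tries):
        chosen = [rng.choice(words) for _ in range(word_count)]
        if not any(b in "".join(chosen) for b in blocked):
            return chosen
    raise RuntimeError("blocklist rejects almost every combination")


if __name__ == "__main__":
    words = usable_words(SAMPLE_WORDS, SAMPLE_BLOCKED)
    print("".join(pick_words(words, 4, SAMPLE_BLOCKED)))
    print(f"{worst_case_bits(2048, 4):.1f} bits for 4 words from 2048")
    print(f"{worst_case_bits(2047, 4):.3f} bits after removing one word")
```

Removing a single word from a 2048-word list costs well under a hundredth of a bit across four words, so pruning the list has no practical effect on strength.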

4 comments:

  1. Can you make one that tries to make funny passwords? That would make them even easier to remember then :)

  2. You should use this:

    http://thedailywtf.com/Articles/The-Automated-Curse-Generator.aspx

  3. A place I worked at a number of years ago used a similar auto-gen for new customer passwords. Basically it generated an 8 character (usually pronounceable) password from between 2-3 words or syllables.

    It threw up the password "urnidiot" for a new user.

    To protect the innocent, I won't say if the prediction as to the new user's competence came true.
