Use the holy word of God to stay secure online, says bishop
A bishop in Blighty has suggested that passages from the Bible can be used to create memorable but hard to crack passwords. The Right Reverend James Langstaff urged his congregation to stop using pets' name or stock phrases for login credentials in favour of passwords derived from passages in the New Testament. "The Bible …
Re: Does this work?
It's a long time since I have read or spoken any Hebrew but I would guess that you are trying to write "Sesame" as in Open Sesame.
.
"Touched by his noodly appendage" would also be pretty secure. RAmen.
All I said was...
...that piece of halibut was good enough for <CLUNK!>....
You will be cracked!
If the lord wants your password cracked then it will be!
Erm..
"Even better security could be achieved by using a made-up phrase to derive a password, Cluley suggests."
Which takes us right back to the Bible...
PW: CORRECTHORSEBATTERYSTAPLE
Once again XKCD has provided a solution to this perennial problem.
https://xkcd.com/936/
Re: PW: CORRECTHORSEBATTERYSTAPLE
And I was going to say that I don't remember reading the phrase "Correct horse battery staple" in the bible!
@John Brown
Point taken on cussing vs cursing. Your assumption is aligned with accepted historical interpretation.
"It has also been known for parents to have children who manage to grow up to adulthood so that quotation doesn't necessarily imply only young children."
I didn't write *young* children. You've inserted that adjective yourself. We are always our parents' children. The obvious self-symmetrical back-fire of your complaint is thus hilarious. :-)
Personally I used to use chip #'s off old motherboards, and addon cards. People often wondered why I had old MB's on the desk as decor not knowing my passwords were in plain sight :D
@Kevin 6
"People often wondered why I had old MB's on the desk as decor not knowing my passwords were in plain sight"
That reminds me of the manual for some demo software. Nobody knew the initial password and tried all sorts of combinations without success.
The documentation had the initial password in plain sight: "XXXXXXXX"
So, like this?
"He rested." Verse 2 Chapter 2 would be HrV2C2
That's under the eight character limit, I think the bishop tells lies
Re: So, like this?
Insert the first three letters of the pertinent book ("Gen", in this case) and you'll have a solution workable with even a verse of a single word. So in your case, the password can become "GenHrV2C2". That's nine letters and above the eight-character minimum.
Re: So, like this?
@Bush Rat
'He rested." Verse 2 Chapter 2 would be HrV2C2.'
How about "Jesus wept" John 11;35 JwJC11V35 ?
Certainly a better Scrabble score!
urandom
I use
head -c1000 /dev/urandom | tr -dc '[:print:]' | head -c 20
then save it to a .password gpg-encrypted file. The latter uses a key (or a bare symmetric) with an easier, less gibberish but a strong passphrase constructed in the same vein as suggested in the article with a little change. Like "Rule Britannia" can be made into something like #U7e b4IdDa9eeah!!!
Re: urandom
Why not:
tr -dc '[:print:]' < /dev/urandom | head -c 20
Re: urandom
And what is the difference?
Moreover:
$ time tr -dc [:print:] < /dev/urandom | head -c 20
n+d;CM)$F?rEUIBI+**_
real 0m0.266s
user 0m0.000s
sys 0m0.012s
time head -c1000 /dev/urandom | tr -dc [:print:] | head -c 20
~ExUI!y%ZGSo]eY)LwP.
real 0m0.009s
user 0m0.004s
sys 0m0.004s
Re: urandom
You forgot to count the amount of time it takes you to type it in, also, for this purpose you should probably both be using /dev/random not /dev/urandom.
Re: urandom
I did not forget. Should I reveal a little secret of mine? Most of my oneliners (with some multiliners) are kept in an org file whatever.org. I just grep it whenever I need something (even got a shell alias and tiny script for it). I bet, Mr. Polichinelle might get jealous.
Try using /dev/random -- more "random", but too slow, especially if you need many passwords for many accounts.
Re: urandom
I posed a serious question, I wanted to know the utility of the first "head". Thanks for the answer and for the thumbs down. I guess.
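The practical difference between the two pipelines discussed above, as an added example that is not part of the thread: a bounded read is fast but can run out of printable characters for longer passwords, so this sketch reads in bounded chunks until the requested length is reached. The function names `printable_from` and `gen_password` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.

# printable_from BYTES: the printable ASCII characters that survive when
# BYTES random bytes are filtered, as in `head -cBYTES /dev/urandom | tr ...`.
# The class is quoted so the shell cannot glob-expand [:print:] against a
# file named p, r, i, n, t or ':' in the current directory.
printable_from() {
    head -c "$1" /dev/urandom | LC_ALL=C tr -dc '[:print:]'
}

# gen_password LEN [CHUNK]: bounded reads like the first pipeline, but keeps
# reading CHUNK bytes at a time until LEN characters exist, so the result
# is never silently short.
gen_password() {
    want=$1
    chunk=${2:-256}
    pw=
    while [ "${#pw}" -lt "$want" ]; do
        pw=$pw$(printable_from "$chunk")
    done
    printf '%s\n' "$pw" | cut -c "1-$want"
}

# About 95 of 256 byte values are printable ASCII, so 1000 bytes leave
# roughly 370 characters: plenty for 20, not enough for 500.
echo "kept from 1000 bytes: $(printable_from 1000 | wc -c)"
echo "20 chars: $(gen_password 20)"
```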
Obvious
I used to tell people at work who asked for the administrator password on their desktops "The password is obvious"
After an hour watching them trying the company name, my name, their name, 'password', 'computer', etc, I would wander past and give them a bit of paper with a single word written on it.
"obvious"
Re: Obvious
Way back in the days of 9-track tapes & main-frames us mere-mortals had direct control, so we used the password: 'secret'
People would ask for it and we would say; "shhhhhh, it's secret".
Few people twigged.
How I hated backing up multi-volume sets.
Re: Obvious
Someone tried that on me. They didn't know, however, I tended to kill time with Mindtrap puzzles (which feature lots of lateral thinking). I figured out the password in three tries.
John 1:1
In the beginning was the password, and the password was with God, and the password was God but spelt with a zero instead of a letter o. And the darkness comprehended it not.
correct horse battery staple
Passphrases like "correct horse battery staple" are excellent. They're easier to remember and hard to crack, especially if you use numbers and punctuation after each word, and mixed case as in "engineEr5whistlE!highwAy*locatE." Assuming the words are chosen from a list of 3000 easy to remember names, a quick back-of-the-envelope calculation shows that there are possibly 1.8 x 10^18 different combinations (or 1.8 million million million). Since most important passwords are to protect online things such as email, credit card accounts etc, and there's no way that anything would let an automated program take that many guesses (even if it were physically possible), I would say this is particularly secure.
Scaling that down to three random words separated by numbers, the security such a password offers is at least far better than most passwords, and certainly easier to remember than things like q3!U5opO3.
As humans, we can't remember lots of passwords easily, that's the problem. And seeing as many things which are passworded are less important than others, why not use a less secure (and therefore easier to remember) password for things that don't matter so much?
Surely I need less security on my Nespresso account (which can only be used to order coffee and requires a credit card number every time) than say my Paypal account (which can be used to send people money)?
Why do some broadband companies make their broadband signon password "welcome1" or even just not have one, whilst others make it "Y1H4O7P2"? The signon cannot be used for anything other than logging into the internet!
I'm no expert but there is a LOT of misinformation going round about passwords, I'm sure of it. I see people running a business whose password for EVERYTHING is "buster", I've seen people who have an incredibly complex password for their computer but a file on the desktop called "banking passwords and pin numbers!", and what about people who set a complex 64 digit WEP key for their wireless?
Anyway see passphra.se for more info about easy to remember passwords
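Drawing the words of such a passphrase uniformly from a list, using the /dev/urandom source from the earlier posts, as an added example that is not part of the thread. The word list is a constructed 16-word stand-in, the function names are hypothetical, and `entropy_bits` counts only the word choice (digits, punctuation and case changes come on top).

```shell
#!/bin/sh
# Added example, not from the thread. WORDS is a constructed 16-word list;
# a real list would hold thousands of words (the post assumes 3000).
WORDS="correct horse battery staple engine whistle highway locate
elephant squeeze halibut noodle sesame bishop coffee window"

# rand_below N: uniform integer in [0, N) for N <= 65536, from /dev/urandom.
# Draws at or above the largest multiple of N are thrown away, because a
# plain "r % N" favours low indexes whenever N does not divide 65536.
rand_below() {
    n=$1
    limit=$(( 65536 - 65536 % n ))
    while :; do
        r=$(( $(od -An -N2 -tu2 /dev/urandom) ))
        if [ "$r" -lt "$limit" ]; then
            echo $(( r % n ))
            return 0
        fi
    done
}

# passphrase K: K words drawn independently (repeats allowed) from WORDS.
passphrase() {
    k=$1
    count=$(( $(printf '%s\n' $WORDS | wc -l) ))
    out=
    while [ "$k" -gt 0 ]; do
        i=$(rand_below "$count")
        w=$(printf '%s\n' $WORDS | sed -n "$(( i + 1 ))p")
        out=${out:+$out }$w
        k=$(( k - 1 ))
    done
    echo "$out"
}

# entropy_bits N K: bits of guessing work for K uniform picks from N words.
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", k * log(n) / log(2) }'
}

echo "sample: $(passphrase 4)"
echo "16-word demo list, 4 words:   $(entropy_bits 16 4) bits"
echo "3000-word list, 4 words:      $(entropy_bits 3000 4) bits"
```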
It's all about shared secrets innit?
I.e. the best password is simply one that is instantly personally recognizable to you, but impenetrable to anyone else.
I have used personal phrases, car numbers or simply 'what I can see looking out of the window' and 'red.bus' and 'RPH862E' have featured..
It's not hard to find something that you remember - the name of your first girlfriend, the number plate on your first car, the first telephone number you ever had (like swansea6074), a scrambling of a pet phrase...that you will never forget and is yet fairly impossible for a random outsider to guess.
What is missing is a simple guide to explain all this. A person I know had his web site messed up completely, several times, but never changed the password from 'stanley'. How amazingly dim is that?
Likewise it's a really simple way to do cryptography: use some online work of literature and randomly scan it for the word you want and encode the word offset in that text instead of the word itself.
Using the bible may be appropriate from a clergyman who actually knows large tracts by heart, but for the rest of us it's not the natural choice.
Job 3:14
'with kings and counselors of the earth, who built for themselves places now lying in ruins,'
Mission: Impossible did it first. ;)
I'm an atheist.
Can I use a phrase from "The God Delusion"?
Re: I'm an atheist.
Depends - are you in the United Atheist Alliance, United Atheist League or the Allied Atheist Allegiance?
otherwise just use Hitch-Hikers or Monty Python
Actually this is good
The only reason I could think of why someone as a bishop gives password policy tips is to protect all the child molesters. At least this way the pigs can just use the bible as a wordlist and crack their CP in a matter of minutes.
This book code thing just gave me an idea
Why not use a line from a favourite song, plus the year it was released?
"It's Been A Hard Day's Night" IbahdN1964
I sometimes use phrases from poems
Some by the world's worst poet. Some even written by me.
Thank the lord...
...a purpose has been found for this book. Yes, you can tell I'm a hardcore christian.
"People would ask for it and we would say; 'shhhhhh, it's secret'".
OK. How many 'h's in shhhhh?
"OK. How many 'h's in shhhhh?"
OK. How many 'H's in Steps?
Passwords derived from Jules' monologue in Pulp Fiction, for example, might be popular.
Not if people are using bible quotes they won't. Jules' monologue is mostly made up and even the part which isn't is only a vague interpretation of the actual text in the bible
Backup, Backup, Backup
Always be prepared for data loss and destruction. Remember the church's Prime Example concerning data security: Jesus saves.
Password
If the word "password" doesn't appear in the bible no-one will be using it.
So I can just change my password to "password" and no-one will guess it, right?
I prefer something along the xkcd lines, with an element of the ridiculous to make it even easier to remember and harder for anyone to guess. For quite a long time I used the phrase:
"Do not squeeze the elephants"
More useful than praying.
Nice to see a clergyman suggesting something a little more helpful than just putting your hands together and praying.
IdetBs!Etstctos!-NFSs8e8
I've done everything the Bible says! Even the stuff that contradicts the other stuff!
- Ned Flanders, ‘Simpsons’, series 8 episode 8
Piece of cake to crack
It is fun because such passwords can be easily cracked by Passcape software. They have a phrase attack in their products that guesses passwords by using a wordlist with phrases and bible wordlist is available for online retrieval from their web site.
