When dictionaries attack

by Colin McIntosh


Do you have problems remembering your passwords? Do you change them on a regular basis? Or do you write them down on scraps of paper, then lose them? Computer passwords need to be secure and memorable, but often if they’re secure, they’re not memorable, and vice versa.

With so many devices and systems now needing to be password-protected, password strength is more important than ever. The Cambridge Dictionary is welcoming several new password-related words to its pages.

The purpose of passwords is to make a computer system secure by providing access control: you need to verify your identity by typing your username and password, and only once the combination of these two has been authenticated can you access the system.

Criminals who try to access your data illegally have various techniques at their disposal. They know that many people use names of family members, birth dates, and so on. One of the commonest and most easily guessable passwords is “password”. Another technique used by hackers is a dictionary attack, where the attackers use a program that automatically goes through all the words in the dictionary until it finds the right one. Who knew that dictionaries could be put to criminal uses?

In order to be secure, the password should consist of a string of alphanumeric characters (a–z, 0–9) and non-alphanumeric characters. The non-alphanumeric characters include underscore (_), asterisk (*), and ampersand (&). If the system is case-sensitive, you will need to remember which letters of your password are upper-case (capital letters) and which are lower-case (not capitals).
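To show how the two ideas above fit together, here is an added example (not part of the original article) of a check a system could run when you choose a password: it tests for the character types just described and also for a base word that a dictionary attack would find. The word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary
# plus a list of commonly used passwords.
SAMPLE_WORDS = {"password", "dictionary", "welcome", "dragon", "monkey"}

# Character swaps that guessing programs routinely undo (illustrative subset).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def base_word(password):
    """Reduce a password to the plain word it is built on."""
    word = password.lower()
    # Drop digits and symbols tacked on at the start or end ("dragon_2024").
    word = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", word)
    # Undo swaps inside the word ("p@ssw0rd" -> "password").
    return word.translate(SUBSTITUTIONS)


def check_password(password, words=SAMPLE_WORDS):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs letters and digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a non-alphanumeric character")
    if base_word(password) in words:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd1", "Dragon_2024", "auntMary_gave-me2Dresses"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that "P@ssw0rd1" contains every required character type and is still rejected, because the word underneath it is in the list.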

Passwords that consist of numbers are called passcodes, and those that are used to access bank accounts at a cash machine (usually ATM in American English) are called PINs or PIN numbers. (Since PIN stands for “personal identification number”, it seems redundant to say PIN number, but it is commonly used.)

If you forget your password or passcode, you have a problem. Enter the wrong one too many times, and a security feature will stop the device from working (or your card will be swallowed), and you’ll need to go through a complicated procedure to reset your password or unblock your device.

Help for people who have problems remembering passwords is on its way. Biometric access systems can store detailed information about your body, such as the patterns of colour in your irises (the coloured parts of your eyes), that can be used to prove who you are. Voice-recognition and face-recognition software are also just around the corner when it comes to everyday access. Just don’t tear up your scraps of paper yet!

8 thoughts on “When dictionaries attack”

  1. Very good tips on password creation and retention. As you have noted, many of the online systems we engage with today require password protection. But it is impossible to remember all of them whenever we want to log into them! Password storage apps such as “LP Wallet” help solve the problem, I think.

  2. Creating unique sentences which include numbers and symbols works well for those of us who have memory difficulties. A -FAKE- example might be, “auntMarygAvemethebLuedre$$in_19-6-3” replacing an obscure person, an odd item, and a date to a personal childhood memory. You could vary the level of difficulty, replace small points in the sentence for different sites, and, of course, lie outright about what happened when (as long as you can recall the lie!) to further foil hackers/teenagers in your home.

  3. I enjoyed this post because secure password combinations are getting more complicated. The need for biometrics will be the key to helping us overcome password overload.
