Great mate Barry and I did a podcast yesterday. In and around the podcast, we chatted about password security, a subject not missed by fellow great mate Alan – he’s a great fan of pass phrases (i.e. a sentence instead of a single word). So yesterday, whilst in London, Barry picked up an Oyster card application form – I’m kind of interested in getting one, if only to maintain the stereotype of a Scotsman (although Mr Smeaton has changed that!)
Imagine my surprise at reading section 3. Password:
What’s this all about? A password is now called an answer. The password can’t be longer than 18 characters and cannot use spaces or punctuation? Adding a space or two and some punctuation is the first step to making a strong or secure password. Limiting it to 18 characters, including numerical values, rules out pass phrases (which are harder to guess and less prone to dictionary attacks). But, the other answers on this part of the form, can include spaces. Your mother’s maiden name? Does it have spaces?
Better wording of this question and more flexibility for the password are required…surely?
Technorati Tags: password, passwords, password security, password insecurity, passphrase, pass phrase, passphrases, pass phrases, oyster, oyster card, Barry Dorrans, Alan Henderson, blackhatspider, idunno, dictionary attacks, johnsmeaton.com, john smeaton
“if only to maintain the stereotype of a Scotsman”
How is an oyster card alcoholic or deep fried?
I was, of course, referring to Scotsman being tight fisted “every penny’s a prisoner” types. However, since the most folks south of the border (Barry isn’t a southern person, he just lives there!) believe that we deep fry Mars Bars (other confectionery is available) and drink too much. He might have a point…I don’t do deep fried chocolate, but I do enjoy a drink (in moderation you understand!)