Thursday, December 29, 2011

yoda's password

some more merch from the secmeme store. this one was intended to look like a post-it note with a username and password on it. you know, the kind that gets stuck to monitors and other places. as such i didn't do any clothes with this one (though i suppose i could if people want me to) because people generally don't stick post-it notes to their clothes.

now there are at least 3 ways of looking at this. first, we generally really do judge passwords by their size, and that, combined with the fact that there are upper and lower case letters along with a number (S1ze has a 1 in it) and a symbol, might make one believe that this is a pretty strong password (the password force is strong with yoda). password strength meters would certainly say that this is a good, strong password. however, because the password is composed of dictionary words, there's actually a lot less entropy here than you might realize. but the biggest and most obvious problem, of course, is that writing it down on a post-it that you stick to your monitor invalidates any security it might have.
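to put rough numbers on the gap between what a strength meter sees and what a dictionary-aware guesser faces, here is an added example (not part of the original post). the sample passphrase, the tiny word list, the dictionary size and the per-word bit costs are all constructed assumptions, and the sample is not the password on the merch.

```python
import math
import re

# Constructed sample passphrase; NOT the password shown on the merch.
SAMPLE = "Small is my S1ze, you say?"

# Constructed stand-in for an attacker's dictionary (a real one is a file).
WORDS = {"small", "is", "my", "size", "you", "say"}
ASSUMED_DICT_SIZE = 8192      # assumption: 2**13 common words -> 13 bits/word
CASE_BITS = 1                 # assumption: first letter capitalised or not
LEET_BITS = 1                 # assumption: plain vs. common digit swaps
UNLEET = str.maketrans("013457", "oieast")


def meter_bits(pw: str) -> float:
    """Naive strength-meter estimate: length * log2(character pool)."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        pool += 33            # ASCII punctuation plus space
    return len(pw) * math.log2(pool) if pool else 0.0


def word_bits(pw: str) -> float:
    """Estimate for an attacker who guesses whole dictionary words."""
    bits = 0.0
    for tok in re.findall(r"[A-Za-z0-9]+|[^A-Za-z0-9\s]", pw):
        if not tok.isalnum():
            bits += math.log2(32)                 # one punctuation mark
        elif tok.lower().translate(UNLEET) in WORDS:
            bits += math.log2(ASSUMED_DICT_SIZE) + CASE_BITS + LEET_BITS
        else:
            bits += meter_bits(tok)               # not a word: charge per char
    return bits                                   # spaces assumed predictable


if __name__ == "__main__":
    print(f"meter estimate: {meter_bits(SAMPLE):6.1f} bits")
    print(f"word estimate : {word_bits(SAMPLE):6.1f} bits")
```

the word estimate is still generous, since it treats every word as an independent pick; words that form a sentence or a familiar quote are far more predictable than that.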