Our colleague Tom Colvin from Conseal Security wrote a blog post a few months back called How Random. He suggests that humans are quite ‘random’ in their thought processes and actions – complicated, perhaps. By contrast, computers are, well, not ‘random’. It stands to reason, then, that humans should be able to generate passwords that are harder to crack, but it is actually easier to guess a human password than a machine-generated one.
When choosing passwords, humans, it would seem, have a habit of gravitating towards dictionary-based words, which are more guessable – especially when the most common starting letter in the English language is ‘T’, which is invariably followed by a vowel. In fact, Tom’s blog post suggests that for an 8-character password chosen from an "alphabet" of 94 characters, you'll most likely guess the password within 2^18 attempts. By contrast, an 8-character random computer-generated password is 23 thousand million times harder to guess.
Read Tom’s full post here - it’s full of other useful facts and stats. Now, I know this is an old routine, but feel free to share any horror stories – are you still seeing password post-it notes on PC screens? When you’re speaking to customers, what password advice are you sharing? What software are you recommending to keep devices and content secure? Are you investigating device security as a potential managed service line?