In the mid-1990s, I had just installed a high-end HP mini running Unix on a Friday, but the application software for it was to be installed the following Monday. So I installed the password cracking program Crack (see http://en.wikipedia.org/wiki/Crack_(password_software)
for a write-up) to have a run at the yypasswd (a distributed password file) file over the weekend.
When I came in Monday morning, I discovered that Crack had determined over two-thirds of the passwords. There were 6 accounts which had no password at all. Many of them fell to dictionary attack — there were users who had the word "password" and one or two who used "swordfish"; days of the week were popular for some reason. I am pleased to say that neither my password nor the root password were cracked.
I had a talk with my boss, who scheduled a meeting that afternoon with the Chief Information Officer and some other senior executives. I came out of that meeting with a new job, Unix Security Analyst. I spent the next month taking some courses, and after that a long time writing memos, procedure and standards documents and giving courses.
Pirate Pete
There's a (possible) example from Rune Scape that may or may not count. If it does, I'm not sure if it counts as a Subversion or a reference. During the quest "The Hunt for the Red Raktuber" you are thrown in a jail cell and the only items you have to escape and sabotage the submarine are several different kinds of fish on a rack. The first part of this process is using an actual swordfish to pick your jail cell lock (this was a puzzle of finding out which fish to use). It's not a password, but comparing how reference heavy this quest series in Rune Scape is I doubt it wasn't an intentional reference to how often swordfish is a password.
Re: The Jet Alone's password in Neon Genesis Evangelion. First, the computer used to deactivate it is onboard the Jet Alone itself, in the middle of an incredibly radioactive room. There's a certain amount of security there. Second, the password wasn't MEANT to be all that secure (though let's face it, who would guess "hope" as a password on that thing?). It was more a symbolic thing, a statement of the Jet Alone being a new HOPE for the future.
And I saw her face
Re: Lot R and the "mellon" password... correct me if I'm wrong, but isn't Moria a dwarven stronghold? The references to elvish make less sense in that context, IMHO.
Edited by evangelikevin Now I'm a believer Hide / Show Replies
Moria was a dwarven stronghold, yes, but the text on the gate was in Elvish.
There seem to be several entries on here that cannot be considered examples because they are good. I would argue that the musical password for the safe example from would actually be very good unless in the actual episode it was extremely easy to figure out the song chosen. This is also true for the Chrono Cross and Earthbound examples. Should there be a separate trope for unorthodox passwords like the examples I have listed?
Replaced this:
With the current picture. Full disclosure, I am kind of Entry Pimping Archer at the moment but I really do think the new one illustrates the trope better.
Hide / Show Replies
The original image is from the trope namer. The Trope Namer. Seriously. Why would you change it?
In what way does it illustrate the trope better? I'm not saying it is not a good illustration of the trope — it is — I just don't see how it's a better example than the old image.
It sure is much duller. The old image is not only a good illustration, it's also amusing. The current one is kind of blah.
I vote change it back. I won't do so immediately but I might in the coming days unless additional reasons for the change are explained and/or lots of people agree with the change.
Edited by girlyboy
By "illustrates the trope better" I meant "you can tell why it's an example without already knowing it." The old picture is the trope namer but it's also arguably in Just A Face And A Caption territory.
No, I think a person showing a Visual Pun on "swordfish" to another person on the other side of a closed door, for a trope called "The Password Is Always "Swordfish"", is not all that unclear, to be honest. I've never seen this show, by the way. Yet I did not find the original image the least bit confusing. It's not that unclear a situation, honestly. One almost has to wilfully ignore what's obviously happening in the picture to try and claim that it's so unclear as to warrant a replacement.
Calling it "a face and a caption" is just silly, and makes it look even more like you're grasping for reasons to replace it. As you said, you're trying to Entry Pimp another show.
The actual "Just A Face And A Caption" entry tells us what "just a face and a caption" would actually be: "A common sin of contributors is to let their Fan Myopia get the best of them and put in a pic that just shows off the face of one of their favorite characters with a caption that makes a joke off of how they fit the trope in their show. This will rarely, if ever, do a good job of showing off the trope."
It is pretty obvious that the original image you replaced in no way fits into Just A Face And A Caption territory. When you say it "arguably" fits there, do you mean "arguably" as in "I'm gonna go argue that black is white?"
The argument is that while on the one hand, it illustrates the trope name, it doesn't illustrate the trope. The "arguably" is because, yes, you can see a relation even if you haven't seen the show, but it doesn't give any idea what the trope is.
The trope is, essentially: In fiction, "passwords are almost invariably single words or names of significance to the character in question which can be easily deduced using a little detective work."
I do not see how the new image illustrates this trope any better, or gives a better idea of what it is, than the considerably more interesting image you replaced with it.
Edited by girlyboy
I've reverted to the original picture, after the previous page edit reminded me to do so (and confirmed that I'm not the only one who feels this way. :P) It does illustrate the trope, of course, and the new picture is bland and boring.
Not to mention that you admitted that a big reason for changing it was to Entry Pimp another show, and while there's nothing wrong with a little Entry Pimping per se, it is not an appropriate reason to replace a perfectly good image like that.
Edited by girlyboy
I am less than persuaded. Honestly, even the general exchange from Horsefeathers only barely qualifies as this trope- the point of the gag isn't "the password is easy to guess"- it's the ludicrous verbal slapstick of the Marx Brothers we all know and love. This main reason the trope has this name is because it's heavily referenced as a classic password title- it has little to do directly with the trope, which is about guessing passwords.
The Marx Brothers image may be "more interesting", but that's only because it's a Visual Pun that has nothing to do with the trope. I'm puzzled that someone can not see the joke in the Archer image- you all do realize that this trope is about characters using easily guessed passwords like "Guest", "Password", or "123456789", right? I mean, just the fact that we can see the words he's typing onscreen and not asterisks is proof that the image is using the trope. Cripes, it's even a pun! That's, like a million tv tropes funny points!
On a related note, we need to work on the definition of Just A Face And A Caption, since people keep interpreting it literally. In the meantime, I've changed the picture back to the Archer image. Further discussion of this issue should take place in the image fixin' forum, where a coherent consensus is more likely to be reached.
Meh. Boring picture that is less relevant, with a poor pun, vs the trope namer and a much more visually interesting picture. Barely one point, not nearly a million.
The password advice on this page is crap. Random strings are NOT ideal passwords for most ordinary people's purposes because NOBODY CAN EVER REMEMBER THAT CRAP! I've see n so many people who think they've got "secure" passwords but what they've actually done is locked everybody - including THEMSELVES out of their stuff. That's counter productive!
And don't go hacking my password just because I said that. Don't Be a Dick.
Random strings are ideal passwords from the point of view of the inside. But they're pathetic from the outside. The more difficult a password is to remember, the more likely people are to write it down and leave it near the computer. The really clever ones will stick it on the bottom of their keyboards. So the 'stronger' the password, the less secure it's likely to be.
Please start a new Discussion Topic using one of the buttons below for discussion of how this page's advice is, or is not, bad. This discussion topic is for talking about how the current page image is horrible and boring, and how it should be replaced with the earlier one from the Trope Namer.
The description of what a good Password makes is flawed at best. The strength of a password can be calculated by the following formula: (Number of characters in used alphabet, e.g. 52 for upper- and lowercase letters)^(length of password) The result of the above represents how many different passwords an attacker would have to try to get the right one with 100% certainity, assuming he allready knew your alphabet and your password length. The higher that number is, the better the password.
Now, a password like aK3_#Hö< is obviously better than a password like aksmeham, which prompted many people, including a disturbingly high number of wannabe specialists, to distribute the whole "the only secure password is one with numbers, mixed case letters and symbols" bull.
The fact is that you just have to make a password a bit longer than its W3ir_D counterpart and it will just be as secure, if not more. Compare the following two passwords: kN4#` kNeSpl The first password (94^5 ~= 7.3 billions) is not even half as good as the second one (52^6 ~= 19.7 billions) and it is way harder to remember. So in choosing good passwords, you should aim for length, not for special characters, numbers etc. (of course, in reality, 6 characters are too few, you should aim at 15-20)
Another wrong part in the article is that strung together phrases are weaker than random letters. This is true if you mean random letters of the same length as the words, but the way it's currently worded is that it's generally not good. If you work with words, you have an "alphabet" that is as large as the number of words in your language and a password length that is equal to the number of words in your password. (This is of course only true if a normal brute force attack wouldn't be faster than the dictionary one, which it would for a one-word-password like "is", but that's a detail) Since the english language has about 170000 words in current use, a password like "swordfish" has a strenght of 170000^1 = 170000, which is so weak that a dictionary attack probably has it in less than a second. yet, you can string random words together to an impressive length and still be able to remember it well (note: do not use real sentences. they're theoretically weaker because of the structure), even better that you would be able to remember a relatively short random mixed-case alphanumeric one. Guess how many random words you would need to have a better password than "kN4#`". Two. yes, two words are enough. cheeseironic is a better password than kN4#` (for both dictionary (eg trying word for word) and bruteforce (eg trying character for character) attack)
now, which of these is easier to remember, kN4#`, kNeSpl or cheeseironic? Of course the third one. (ch33seiron1c would, of course, be immensely better again than all three, because dictionary attacks on it would fail, improving it's strength from 170000^2 to 36^12, but then it would fall in the "normal" password territory at the top again, so that's beside the point here, which is that even strung together words can be strong passwords)
Moral of the story: Aim for length and don't be afraid to use normal words as long as you use several of them. All that random case, numbers, special characters etc just makes it hard to remember, prompting you to use too short passwords. Who would really go on and remember a 19-character mixed-case-alphanumeric password? nah, you go and use puny 8 characters ones, which are too short to really be secure, no matter what alphabet you use.
Now there's another problem that crops up way too often. Many services actually restrict your password length for some reason or another, so the stringing-words-together-approach fails, not because of its strength but because whoever made the form/program/etc with the too short pw field sucks. In my opinion, using as-long-as-allowed mixed-case passwords works best, no need for numbers and symbols.
I spare you other specifics like that most web forums use a 128 bit hash so passwords where alphabet^length > 2^128 make no sense etc.
Now, as you can see, if you bared with me, most of the article text doesn't make much sense, esp. calling a password that looks like cartoon-swearing a good one while condemning those that only contain characters, but as you also can see, I kinda suck at explaining that. Would be cool if someone who's better at explaining could update/correct the article
Hide / Show Replies