Warm Southern Breeze

"… there is no such thing as nothing."

iPhone security

Posted by Warm Southern Breeze on Sunday, January 29, 2012

iPhone security - ss1167


Originally uploaded by SouthernBreeze

Via Flickr:
The four-digit passkey is the one with which most may be familiar. Yet some iPhone owners may not be aware that there is another, more secure method of protecting their investment in that wonderfully powerful tool.

A more complex (and therefore more secure) combination – one of the user’s own choosing – can be used. Not only is that passkey cAsE sEnSiTiVe, but numbers (0-9) and characters (such as # , $ ) @ + } ~ ? <, etc.) can be used in creating it.

There are several benefits to using such a system, not the least of which is that millions more choices for creating a passkey become available. With four digits, there are only 10000 choices available, so a “brute force” attack could be readily and successfully executed by anyone with a few minutes of time.

Yet for many, the creation of secure passkeys remains not merely a source of frustration, but of mystery, as well. How does one create secure passkeys? In many secure environments such as government work, healthcare, or certain industrial environments, passkeys are generated for the computer user – which remains a source of frustration, because those passkeys are often nonsensical randomized combinations of upper and lower case letters, numbers and characters – making them all the more difficult to memorize.

Here are a few examples:
#1.) s[+&,?a`Z6Sx/v=u#+3g06-8VEG5f;+R;tQTM%UR<jCEQ{Ks<,~;S=e=7-
#2.) 8414CF5CDB1F5F0F74B2D0EA9480D5E053A0B151FD74FFD6B27767A143C40F4F
#3.) cTcIy3EGqHlQuiBiu5GNdqmRrId0H7S1TnZPM3LyA1v85K8TxQSJ6HDiT9CvZqa

However, when the opportunity for a human-generated passkey is given, many make very poor choices and sometimes use a single word – which is readily broken by a brute-force dictionary attack. Some authorities suggest that words, phrases and sequential numbers should not be used. But again, unless one is in an ultra-high security field which necessitates using RSA 1024-bit security, or higher, most passkeys can be created with a very significant degree of security.

Inventing passkeys can be as simple – or as complex – as reading this entry.

For example, using one’s name (ex., John James Audubon) and a calendar date (ex., January 27, 1851) the following key could be generated: 1Jn27Js51An
{The first and last letters of the first, middle & last names with the numerical date preceding each letter.}

A variation upon that theme using characters could be: (1Jn27Js)-51An
{The same routine, only with open & close parentheses.}

Another variation upon that same theme could be: Jn.1Js/27-51An
{The same routine, only with period, dash and slash.}

Other suitable options – which experts may ultimately consider less secure – could use phrases or sentences, such as: MyNameIsJohnJamesAudubon,&IDied1271851.

Another variation upon that theme could be: MyNameIsJohnJamesAudubon&I(d.1-27-1851)

Notice in both cases, UPPER & lower case letters were used, as were numbers and characters – the period, the ampersand, and open & close parentheses.
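
The arithmetic behind the 10000-choice figure, carried through for the example passkeys above, as an added example that is not part of the original post. The function names and the 94-character printable-ASCII pool are assumptions, and the result is an upper bound that holds only when every character is chosen at random; a passkey built from a name and a date has fewer candidates than this.

```python
import math
import string

# Assumed character pools: the 94 printable ASCII characters, split by class.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def pool_size(passkey):
    """Combined size of every character class the passkey draws from."""
    allowed = set("".join(CLASSES))
    stray = set(passkey) - allowed
    if stray:
        raise ValueError(f"characters outside the assumed pools: {sorted(stray)}")
    return sum(len(cls) for cls in CLASSES if set(cls) & set(passkey))


def keyspace(passkey):
    """Candidates an exhaustive search over that pool and length must cover."""
    return pool_size(passkey) ** len(passkey)


def bits(passkey):
    """Keyspace as a power of two; an upper bound, true only for random choices."""
    return math.log2(keyspace(passkey))


# "0000" is a constructed stand-in for any four-digit passkey;
# the other strings are the passkeys shown in the post.
SAMPLES = [
    "0000",
    "1Jn27Js51An",
    "(1Jn27Js)-51An",
    "MyNameIsJohnJamesAudubon&I(d.1-27-1851)",
]

if __name__ == "__main__":
    for key in SAMPLES:
        print(f"{key!r:45} length={len(key):2} pool={pool_size(key):2} "
              f"keyspace=2^{bits(key):.1f}")
```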

Here are two resources which can test the security, or strength of passwords:
Microsoft’s Password Checker
(Just so the reader will know, the passkey “MyNameIsJohnJamesAudubon&I(d.1-27-1851)” as illustrated above, checked BEST in strength on the Microsoft Password Checker.)
-AND-
Password Meter Password Strength Checker
(The same key as mentioned above, scored 100%, and rated “Very Strong” in Complexity on the Password Meter site.)

Remember, humans invented computers, and as such, are smarter than computers. The only problem with that is, that sometimes, we don’t want to remind ourselves of that fact.
