Saturday, October 24, 2015

These researchers have discovered the perfect password that’s also easy to remember

from washingtonpost



   
The first thing you learn when you try to create a good password is that your memory is pretty terrible. The second thing you might learn is that you're really bad at being random.
True randomness is hard to predict; humans aren't. Even if you’re not one of the millions of people who use passwords like “12345678” or “password,” you might still be making some amateur mistakes. For example, using a common phrase as your password, but then replacing the “i” with a “1,” or the "a" with a "@," and so on. Or using common words and phrases, and putting the characters and numerals at the end of the password, instead of spaced randomly throughout. Or re-using passwords across sites, or not changing them often enough.
In short, basically any technique that would allow a human being to actually remember a password.
Okay, you say, but how do you possibly get around this? Any password that is going to be reasonably secure is also going to be impossible to remember. And any password you can possibly remember is probably going to be terrible. That’s just the law of passwords, right?
As the Post's Alexandra Petri writes, “The perfectly secure, perfectly memorable password is absolutely pure and rarer than the unicorn.... That is to say, no one has ever found it, and some doubt whether it exists at all.”
But two researchers at the University of Southern California may have finally come up with the perfect solution. Marjan Ghazvininejad and Kevin Knight of the University of Southern California have published a paper with a novel solution for creating with passwords that are both extremely hard to crack and relatively easy to remember: randomly-generated poems.
The inspiration for Ghazvininejad and Knight’s study was actually a cartoon, created by Randall Munroe of Xkcd, which showed how a password made up of four random words – like “correct horse battery staple” – is far more secure and a lot easier for people to remember than the typical jumble of random letters, numbers and symbols that most people think of as a secure password.
Munroe's point is that, even if you pick a fairly uncommon word, like "Troubadour," and replace some of the letters with other symbols, this combination might only take a computer seconds, minutes or hours to guess. But a combination of four totally random words is both hard for a hacker to crack and easy for a person to remember — you can make up some weird little story about a horse correctly identifying a battery staple that will stick with you forever, unlike your coworkers' spouses' names, or the date of your anniversary. (If you want to know more about the method behind this, check out this reddit thread.)
The secret here is that those four random words are actually generated based on one very large random number. That random number is then broken up into segments, each of which corresponds with a word in the dictionary. It's basically a form of cryptography. To guess the full random number, a computer might have to test billions of billions of billions of possibilities before it hits on the right one, says Knight.
But while Munroe suggested using this large number to pick four random words, Ghazvininejad and Knight hit on the idea of using it to create a little poem.
In their paper, Ghazvininejad and Knight look at a few different methods for generating random passwords – the Xkcd method of using four random words, as well as a method of generating a random sentence – but they find that by far the most secure and the most memorable method is creating a short rhyming poem of random words.
As the researchers point out, humans have been using poetry as a way to remember information for thousands of years. It’s no accident that long epics, like the 12,000-line Odyssey, or the 17,000-line Canterbury Tales, were written using meter or rhyme. Most people today can’t recite the Canterbury Tales, but they’ve still had certain sing-songy rhymes permanently burned into their memory – like “Thirty days hath September,” or the weather beacon rhymes that people once learned before weather apps came along.
Ghazvininejad and Knight create their poems by assigning every word in a 327,868-word dictionary a distinct code. They then use a computer program to generate a very long random number, break that number up into pieces, and then translate those pieces into two short phrases. The computer program they use ensures that the two lines end in words that rhyme, and that the whole phrase is in iambic tetrameter, like so:
Receiver Mathew Halloween 
deliver cousin magazine
These passwords might seem a little odd, but they're actually very, very secure. At current speeds, Knight estimates that cracking these passwords would take around 5 million years. By which point, we probably won't be using Facebook anymore.
If you read too many of these, they will make you feel a little crazy. But some of them are really fun to say:
The reigning Hagen journeyman 
believers mini minivan
And teaches scripture bungalow 
or celebrate or Idaho
Others are weird and evocative, hinting at wild stories just waiting to be made up as memory devices:
And British fiction engineer 
Travolta captured bombardier
Australia juggernaut employed 
the Daniel Lincoln asteroid
Enrique Hasbro Japanese 
revealed aggressive amputees
Competing holy Hemingway 
complies American ballet
A peanut never classified 
expected branches citywide
The latest Union Rodeo 
amounts of aiding dynamo
Ghazvininejad and Knight developed an online generator for these little poems, which you can try out here. They caution that this site is just for demonstration — hackers could potentially download all of these and try them out, so don't use them for your password.
If you want your own little poem password, you can enter your e-mail here, and their program will send you a secure one, which will then be deleted from their server.
Obviously, remembering a little poem for every password you have might be difficult, but the researchers suggest you could use one or two of these poem passwords for your most important accounts, or use one for your password manager, which will keep all your other information secure. Many sites will ask you to add a special character or number to your password, but that shouldn't be too hard -- you could just add some punctuation, or maybe replaces spaces with special characters.
The biggest drawback is that many sites these days limit the number of characters that you can use in your passwords, so these poems are probably too long for many of your accounts. But perhaps that will change someday soon. More and more sites are considering dropping the character limit, since shorter passwords are a lot less secure.
You might also like:
Eight smart ways to strengthen your password
Play Video1:41
In light of recent cyber security breaches, here are the best ways to protect your passwords. (Sarah Parnass and Natalie Jennings/The Washington Post)
Ana Swanson is a reporter for Wonkblog specializing in business, economics, data visualization and China. She also works on Know More, Wonkblog's social media channel.
253
 
Comments

Tuesday, September 22, 2015

Why Would Apple Make an Electric Car, Not a Driverless One?

from theatlantic



A woman touches the display in a Volvo with integrated iPhone voice control.Arnd Wiegmann / Reuters

We noticed that you have an
AD BLOCKER
ENABLED

Please consider disabling it for our site, or supporting our work in one of these ways



Sign up for
The Atlantic Daily newsletter
 


Apple is doubling down on developing an electric car, and has assigned a 2019 ship-date to its secret automotive project, code-named Titan, according to a report this week in The Wall Street Journal.
The latest news builds on earlier reports that indicate Apple is increasingly committed to entering the car market at a time when many believe the industry faces unprecedented disruption. Earlier this year, Apple lawyers met with officials at California's Department of Motor Vehicles and Apple engineers quietly scoped out a 2,100-acre campus in the Bay Area that’s being used as a high-security testing ground for autonomous vehicles, The Guardian reported.
With the race to build self-driving cars accelerating, Apple’s plans for an electric vehicle raise one overarching question: Why would the company focus on building an electric car rather than a driverless one?
There are a few ways to think about this, but it should be pointed out that we don’t actually know that Apple isn’t committed to a driverless car. Apple is famously secretive, and often has a deliberate hand in the information that leaks about its plans. The Wall Street Journal, citing anonymous sources familiar with the matter, reported that although Apple won’t make its first electric car fully autonomous, that capability is “part of the product’s long-term plans.”


There are a few reasons it could make sense for Apple to focus on electric cars before driverless ones. For starters, just establishing itself as a potential player in this space is a way to appear competitive. “At zero cost, with a few leaks, Apple has overnight created brand buzz for itself in the auto market, for which Google had to spend millions developing and promoting its driverless car experiments," Holman Jenkins Jr. wrote for the Journal in March.
The cost of actually developing a driverless car entails more than financial risk. Apple has the money, but it also has to be calculated about what sorts of gambles it takes and when. Silicon Valley is already convinced that driverless cars are the future, but actually getting them on the roads—and not just test vehicles in Mountain View or in Austin, as Google has done—will still require surmounting enormous regulatory and technological challenges. “I don’t think anyone is clear, at the moment, on how autonomous driving is actually going to get introduced,” said Andrew Moore, the dean of computer science at Carnegie Mellon.
Perhaps Apple wants to establish itself in the car industry by first introducing a car fully integrated with its existing operating systems before eventually moving to a driverless model. That gradual approach to autonomy is the one favored by traditional automakers, who plan to move their vehicles toward driverlessness feature-by-feature. And, besides, why not let Google and Uber fight regulatory battles and confront difficult safety questions in public? “No one is going to want to realize autonomous driving into the world until there’s proof that it’s much safer, like a factor of 100 safer, than having a human drive,” Moore told me. “But even then, at a factor of 100 safer, it won’t be long before there is an accident.” In Moore’s estimation, those first accidents will set back the driverless-car movement by a couple of years.
Looking back, perhaps something can be learned from Apple's first foray into the phone market, a comparison that also serves as a reminder that the company has a history of testing the waters in a new industry before diving in. In September 2005, Apple teamed up with Motorola and Cingular Wireless on the Rokr, a cell phone that ran iTunes. “We’ve worked closely with Motorola to deliver the world’s best music experience on a mobile phone,” said Apple CEO Steve Jobs ina statement at the time.
Just over a year later, Jobs announced the iPhone, calling it “a revolutionary and magical product that is literally five years ahead of any other mobile phone.”
Five years from now, if the company meets its target, we may better understand what kind of car Apple truly wants to build.



Monday, January 19, 2015

Google said to be in talks to invest in SpaceX at $10bn valuation

from venturebeat.com


Elon Musk, the last living tech CEO who knows what the hell he's doing
Above: Tesla CEO Elon Musk
Image Credit: Dylan Tweney/VentureBeat

Monday, September 22, 2014

NASA Mars Orbiter Arrives at Red Planet Tonight: Watch It Live

from space.com


By Elizabeth Howell, Space.com Contributor   |   September 21, 2014 07:30am ET






Update for Monday, Sept. 22: NASA's MAVEN orbiter has successfully arrived at Mars. To see our arrival story, visit: NASA Spacecraft Arrives at Mars to Probe Mysteries of Red Planet's Air.
A NASA spacecraft built to study the atmosphere of Mars like never before will arrive at the Red Planet tonight (Sept. 21) and you can watch it live online.
After 10 months in deep-space, NASA's Mars Atmosphere and Volatile EvolutioN (MAVEN) spacecraft is expected to enter orbit around Mars and begin a one-year mission studying the planet's upper atmosphere. The Mars arrival will cap a 442 million-mile (711 million kilometers) trek across the solar system.

Sunday, September 21, 2014

Microsoft fights Android and Chrome OS with dirt-cheap Windows 8.1 PCs and …

from pctablet.name




 
How do you compete when your fiercest rival is willing to give away its product? That’s the dilemma Microsoft faces in trying to compete with Google, which offers the Android operating system and Chrome OS to OEMs for nothing.
Redmond’s response, earlier this year, was to introduce a variant of the Windows client software: Windows 8.1 with Bing. This OS option is available to OEMs at a price that’s a carefully guarded secret but is probably close to zero. Yes, there’s a catch—two of them, in fact. Windows 8.1 for Bing is available only on low-cost devices, and OEMs are unable to change the default search engine during the setup process. (The PC buyer can change search defaults with no restrictions after starting up for the first time.)
In all other respects, this is just Windows 8.1, available in 32-bit and 64-bit versions, with variants in Chinese and single (non-English) languages.
At the IFA tradeshow in Berlin this week, OEMs have begun taking advantage of the lower Windows licensing cost to unleash a flood of small tablets at prices that were previously unheard of for Windows devices. Toshiba’s 7-inch Encore Mini tablet, for example, will sell for $120 in the U.S. (129 Euros in Europe). Acer’s Iconia Tab 8 W, an 8-inch tablet with a quad-core CPU, is priced aggressively as well, at $150. And plenty more are on the way, all running Windows 8.1 for Bing.
The new, cheaper Windows isn’t just for tablets. Microsoft and its OEM partners are taking aim at Chromebooks, with Windows 8.1 with Bing showing up on low-cost laptops this week as well.
Toshiba’s new Satellite CL10-B, for example, is an 11-inch clamshell-style laptop with 32 GB of eMMC flash storage and 100 GB of OneDrive cloud storage, prepaid for two years. The price tag of 269 Euros undercuts the new 13-inch Chromebook 2, which Toshiba is exhibiting a mere 10 feet away at its IFA stand. That device, with a bigger screen, checks in at a price of 349 Euros for 16 GB of built-in storage and 100 GB of Google Drive cloud storage, also prepaid for two years.
And it’s just one of many similar neo-netbooks that will be showing up this fall, including the resurrection of the Ur-netbook, the ASUS EeeBook Z205, at $199. HP’s Pavilion 10Z, introduced earlier this summer, is one of the few Windows 8.1 with Bing devices that includes a touchscreen.
One way that Microsoft and its partners are able to tamp down costs is by shrinking the amount of built-in storage available with these new devices. The specs for Windows 8.1 with Bing allow manufacturers to ship tablets with as little as 16 GB of flash (or SSD) storage. The clamshell devices typically include 32 GB of flash RAM.
The reason PC makers can get away with such skimpy storage is a new feature called WIMBoot, which allows the OEM to install Windows so that it runs directly from the compressed image file previously used only for Windows 8.x recovery functions.
This diagram, taken from a Microsoft technical article for OEMs, explains how the disk layout differs for a WIMBoot installation.
wimboot-architecture
With a WIMBoot installation, the system boots from the same Windows image (WIM) file used for system recovery purposes, freeing huge amounts of disk space. Image via Microsoft TechNet.
The difference in free storage is profound. On that Toshiba Satellite notebook with 32 GB of flash storage, I checked the system disk using File Explorer: there was a total of 24.5 billion bytes of free space (reported as 22.9 GB in File Explorer), which means the full Windows installation takes up only 7.5 billion bytes, or 7 GB as reported in File Explorer. (For an explanation of the confusing way Windows reports disk space usage, see this article.)
That’s a huge improvement over a conventional Windows installation, which can gobble up half of a 32 GB drive. In my tests of other systems using WIMBoot compression, I’ve seen no degradation of performance. In addition, every device I looked at offers expansion through removable storage.
Several of the low-cost devices I’ve seen at IFA so far also include a one-year subscription to Office 365 Personal. Presumably Microsoft is betting that a significant proportion of those device owners will get hooked on Office and renew their subscription when the year is up.

Must See Gallery

Six ways to improve your Wi-Fi network
The move is vaguely reminiscent of the inexpensive Starter editions Microsoft released in the Windows Vista and Windows 7 era. Those editions were hobbled, feature-wise, and at one point Microsoft even planned to restrict those editions to running only three apps simultaneously, although they eventually reversed course on that decision. In contrast, Windows 8.1 with Bing contains the full Windows feature set.
And it’s worth remembering that although those early netbooks were unbearably slow, that’s not likely to be a problem with this generation. Modern CPUs are more than capable of handling the demands of media consumption and basic productivity tasks without breaking a sweat. None of these low-priced devices will be suitable for video or photo editing but that’s not their intended role.
For OEMs already dealing with razor-thin profit margins, these new device classes are a mixed blessing at best. The slimmer prices will also drive down revenues for Microsoft, which is used to collecting a full license fee for every Windows device. But for consumers the low prices might be enough to distract attention away from Android devices and Chromebooks.
This story has been updated since its original publication to include discussions of WIMBoot performance and historical comparisons with earlier Windows versions.