Saturday, October 24, 2015

These researchers have discovered the perfect password that’s also easy to remember

from washingtonpost



   
The first thing you learn when you try to create a good password is that your memory is pretty terrible. The second thing you might learn is that you're really bad at being random.
True randomness is hard to predict; humans aren't. Even if you’re not one of the millions of people who use passwords like “12345678” or “password,” you might still be making some amateur mistakes. For example, using a common phrase as your password, but then replacing the “i” with a “1,” or the "a" with a "@," and so on. Or using common words and phrases, and putting the characters and numerals at the end of the password, instead of spaced randomly throughout. Or re-using passwords across sites, or not changing them often enough.
In short, basically any technique that would allow a human being to actually remember a password.
Okay, you say, but how do you possibly get around this? Any password that is going to be reasonably secure is also going to be impossible to remember. And any password you can possibly remember is probably going to be terrible. That’s just the law of passwords, right?
As the Post's Alexandra Petri writes, “The perfectly secure, perfectly memorable password is absolutely pure and rarer than the unicorn.... That is to say, no one has ever found it, and some doubt whether it exists at all.”
But two researchers at the University of Southern California may have finally come up with the perfect solution. Marjan Ghazvininejad and Kevin Knight have published a paper with a novel solution for creating passwords that are both extremely hard to crack and relatively easy to remember: randomly generated poems.
The inspiration for Ghazvininejad and Knight’s study was actually a cartoon, created by Randall Munroe of Xkcd, which showed how a password made up of four random words – like “correct horse battery staple” – is far more secure and a lot easier for people to remember than the typical jumble of random letters, numbers and symbols that most people think of as a secure password.
Munroe's point is that, even if you pick a fairly uncommon word, like "Troubadour," and replace some of the letters with other symbols, this combination might only take a computer seconds, minutes or hours to guess. But a combination of four totally random words is both hard for a hacker to crack and easy for a person to remember — you can make up some weird little story about a horse correctly identifying a battery staple that will stick with you forever, unlike your coworkers' spouses' names, or the date of your anniversary. (If you want to know more about the method behind this, check out this reddit thread.)
The secret here is that those four random words are actually generated based on one very large random number. That random number is then broken up into segments, each of which corresponds with a word in the dictionary. It's basically a form of cryptography. To guess the full random number, a computer might have to test billions of billions of billions of possibilities before it hits on the right one, says Knight.
But while Munroe suggested using this large number to pick four random words, Ghazvininejad and Knight hit on the idea of using it to create a little poem.
In their paper, Ghazvininejad and Knight look at a few different methods for generating random passwords – the Xkcd method of using four random words, as well as a method of generating a random sentence – but they find that by far the most secure and the most memorable method is creating a short rhyming poem of random words.
As the researchers point out, humans have been using poetry as a way to remember information for thousands of years. It’s no accident that long epics, like the 12,000-line Odyssey, or the 17,000-line Canterbury Tales, were written using meter or rhyme. Most people today can’t recite the Canterbury Tales, but they’ve still had certain sing-songy rhymes permanently burned into their memory – like “Thirty days hath September,” or the weather beacon rhymes that people once learned before weather apps came along.
Ghazvininejad and Knight create their poems by assigning every word in a 327,868-word dictionary a distinct code. They then use a computer program to generate a very long random number, break that number up into pieces, and then translate those pieces into two short phrases. The computer program they use ensures that the two lines end in words that rhyme, and that the whole phrase is in iambic tetrameter, like so:
Receiver Mathew Halloween 
deliver cousin magazine
These passwords might seem a little odd, but they're actually very, very secure. At current speeds, Knight estimates that cracking these passwords would take around 5 million years. By which point, we probably won't be using Facebook anymore.
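The number-to-words mapping described above (one large random number, split into segments that each select a dictionary word) can be sketched as follows. This is an added example, not code from the article or from the researchers: the 16-word list is constructed, the function names are hypothetical, and the rhyme and meter constraints of the poem method are not implemented.

```python
import math
import secrets

# Constructed 16-word list for illustration only; a real list needs
# thousands of distinct entries (the article cites a 327,868-word dictionary).
WORDS = ["correct", "horse", "battery", "staple", "poem", "rhyme",
         "meter", "random", "number", "segment", "dictionary", "code",
         "cousin", "magazine", "asteroid", "ballet"]


def number_to_words(number, wordlist, count):
    """Split one integer into `count` base-len(wordlist) digits, one word each."""
    base = len(wordlist)
    if len(set(wordlist)) != base:
        raise ValueError("duplicate words would lower the real entropy")
    if not 0 <= number < base ** count:
        raise ValueError("number does not fit in the requested word count")
    words = []
    for _ in range(count):
        number, digit = divmod(number, base)
        words.append(wordlist[digit])
    return words[::-1]  # most significant segment first


def words_to_number(words, wordlist):
    """Inverse mapping: the phrase is just another spelling of the number."""
    index = {word: i for i, word in enumerate(wordlist)}
    number = 0
    for word in words:
        number = number * len(wordlist) + index[word]
    return number


def entropy_bits(list_size, count):
    """Guessing cost in bits when every word is drawn uniformly."""
    return count * math.log2(list_size)


def generate(wordlist, count):
    # secrets.randbelow draws from the OS CSPRNG and is uniform over the
    # whole range, so no phrase is more likely than another.
    number = secrets.randbelow(len(wordlist) ** count)
    return number, number_to_words(number, wordlist, count)


if __name__ == "__main__":
    number, phrase = generate(WORDS, 4)
    print(number, " ".join(phrase), f"{entropy_bits(len(WORDS), 4):.1f} bits")
```

The strength comes entirely from the size of the random number, so the words must be picked by the generator and never by the user.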
If you read too many of these, they will make you feel a little crazy. But some of them are really fun to say:
The reigning Hagen journeyman
believers mini minivan

And teaches scripture bungalow
or celebrate or Idaho

Others are weird and evocative, hinting at wild stories just waiting to be made up as memory devices:
And British fiction engineer
Travolta captured bombardier

Australia juggernaut employed
the Daniel Lincoln asteroid

Enrique Hasbro Japanese
revealed aggressive amputees

Competing holy Hemingway
complies American ballet

A peanut never classified
expected branches citywide

The latest Union Rodeo
amounts of aiding dynamo

Ghazvininejad and Knight developed an online generator for these little poems, which you can try out here. They caution that this site is just for demonstration — hackers could potentially download all of these and try them out, so don't use them for your password.
If you want your own little poem password, you can enter your e-mail here, and their program will send you a secure one, which will then be deleted from their server.
Obviously, remembering a little poem for every password you have might be difficult, but the researchers suggest you could use one or two of these poem passwords for your most important accounts, or use one for your password manager, which will keep all your other information secure. Many sites will ask you to add a special character or number to your password, but that shouldn't be too hard -- you could just add some punctuation, or maybe replace spaces with special characters.
The biggest drawback is that many sites these days limit the number of characters that you can use in your passwords, so these poems are probably too long for many of your accounts. But perhaps that will change someday soon. More and more sites are considering dropping the character limit, since shorter passwords are a lot less secure.
Ana Swanson is a reporter for Wonkblog specializing in business, economics, data visualization and China. She also works on Know More, Wonkblog's social media channel.

Tuesday, September 22, 2015

Why Would Apple Make an Electric Car, Not a Driverless One?

from theatlantic



A woman touches the display in a Volvo with integrated iPhone voice control. (Arnd Wiegmann / Reuters)



Apple is doubling down on developing an electric car, and has assigned a 2019 ship-date to its secret automotive project, code-named Titan, according to a report this week in The Wall Street Journal.
The latest news builds on earlier reports that indicate Apple is increasingly committed to entering the car market at a time when many believe the industry faces unprecedented disruption. Earlier this year, Apple lawyers met with officials at California's Department of Motor Vehicles and Apple engineers quietly scoped out a 2,100-acre campus in the Bay Area that’s being used as a high-security testing ground for autonomous vehicles, The Guardian reported.
With the race to build self-driving cars accelerating, Apple’s plans for an electric vehicle raise one overarching question: Why would the company focus on building an electric car rather than a driverless one?
There are a few ways to think about this, but it should be pointed out that we don’t actually know that Apple isn’t committed to a driverless car. Apple is famously secretive, and often has a deliberate hand in the information that leaks about its plans. The Wall Street Journal, citing anonymous sources familiar with the matter, reported that although Apple won’t make its first electric car fully autonomous, that capability is “part of the product’s long-term plans.”


There are a few reasons it could make sense for Apple to focus on electric cars before driverless ones. For starters, just establishing itself as a potential player in this space is a way to appear competitive. “At zero cost, with a few leaks, Apple has overnight created brand buzz for itself in the auto market, for which Google had to spend millions developing and promoting its driverless car experiments," Holman Jenkins Jr. wrote for the Journal in March.
The cost of actually developing a driverless car entails more than financial risk. Apple has the money, but it also has to be calculated about what sorts of gambles it takes and when. Silicon Valley is already convinced that driverless cars are the future, but actually getting them on the roads—and not just test vehicles in Mountain View or in Austin, as Google has done—will still require surmounting enormous regulatory and technological challenges. “I don’t think anyone is clear, at the moment, on how autonomous driving is actually going to get introduced,” said Andrew Moore, the dean of computer science at Carnegie Mellon.
Perhaps Apple wants to establish itself in the car industry by first introducing a car fully integrated with its existing operating systems before eventually moving to a driverless model. That gradual approach to autonomy is the one favored by traditional automakers, who plan to move their vehicles toward driverlessness feature-by-feature. And, besides, why not let Google and Uber fight regulatory battles and confront difficult safety questions in public? “No one is going to want to realize autonomous driving into the world until there’s proof that it’s much safer, like a factor of 100 safer, than having a human drive,” Moore told me. “But even then, at a factor of 100 safer, it won’t be long before there is an accident.” In Moore’s estimation, those first accidents will set back the driverless-car movement by a couple of years.
Looking back, perhaps something can be learned from Apple's first foray into the phone market, a comparison that also serves as a reminder that the company has a history of testing the waters in a new industry before diving in. In September 2005, Apple teamed up with Motorola and Cingular Wireless on the Rokr, a cell phone that ran iTunes. “We’ve worked closely with Motorola to deliver the world’s best music experience on a mobile phone,” said Apple CEO Steve Jobs in a statement at the time.
Just over a year later, Jobs announced the iPhone, calling it “a revolutionary and magical product that is literally five years ahead of any other mobile phone.”
Five years from now, if the company meets its target, we may better understand what kind of car Apple truly wants to build.



Monday, January 19, 2015

Google said to be in talks to invest in SpaceX at $10bn valuation

from venturebeat.com


Elon Musk, the last living tech CEO who knows what the hell he's doing
Above: Tesla CEO Elon Musk
Image Credit: Dylan Tweney/VentureBeat