On Friday, Jimmy Kimmel's show asked people passing by the theater where it is taped what their Internet passwords are (see the YouTube video below). The segment is part entertainment and part public service, timed to coincide with the data breach at Equifax that was reported two days ago.

A huge security breach at credit reporting company Equifax has exposed sensitive information, such as dates of birth, Social Security numbers, addresses and, in some cases, driver's license numbers, of up to 143 million Americans. The data breach is among the worst in U.S. history. The number of people affected is well over half of the adult population in the United States. According to Equifax, the data breach happened between mid-May and July. The hack was discovered on July 29, but Equifax did not inform the public until September 7.

The first person in the video was asked, “We are talking to people about the cyber-security breach at Equifax, and in light of that, we’re asking people how secure their Internet passwords are. What do you use for an internet password?” Without hesitation, the young man responded, “Um, I usually stick to my last name. That’s probably not the best thing to do, but usually it’s my last name, a few digits, um, maybe like a hashtag or something.” The interviewer then asked what his last name is. The young man readily gave out the last name. The interviewer even spelled out the last name for him to confirm. When asked, the young man also confirmed that the digits that go with the last name are his birthday.

The video is funny. I am amazed at the laziness and carelessness of the people in the video. First of all, the same password should not be used across multiple accounts. A password certainly should not consist of the name of the person with a few digits such as date of birth or the zip code. Everyone in the video is using the same type of passwords. Of course, it could just be a “manipulated” sample (it only includes password stories that have entertainment value).

The same stunt was done previously after the data hack at Sony two years earlier (see the YouTube video below).

There are various strategies one can use to create strong passwords that are easy (or easier) to keep track of. For example, come up with a memorable phrase and build the password from the first letter of each word. Example: The first house I ever lived in was 613 Fake Street. Rent was $400 per month. The resulting password is TfhIeliw613FS.Rw$400pm (example found here).

This is a 22-character password that is based on a memorable phrase consisting of two sentences. The beauty is that the password has upper case and lower case letters, numeric characters and special symbols. It is arranged in such a way that people who are not in the know cannot easily guess it. Of course, you, knowing the memorable phrase, can remember it. The same password should not be reused for other accounts (don’t be lazy). So come up with a memorable phrase for each account.
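The derivation above can be written down as a rule and checked, together with the earlier advice that a password should not contain the owner's name, birthday or zip code. The following is an added example, not part of the original post; the function names and the personal facts (`Doe`, `0412`, `90028`) are constructed for illustration.

```python
import re

def phrase_to_password(phrase: str) -> str:
    """First letter of each word; tokens containing digits are kept whole;
    the period between sentences is kept, the final one is dropped."""
    sentences = [s for s in re.split(r"\.(?:\s+|$)", phrase.strip()) if s]
    parts = []
    for sentence in sentences:
        chars = []
        for token in sentence.split():
            if any(c.isdigit() for c in token):
                chars.append(token)  # "613" and "$400" stay intact
            else:
                # first alphabetic character, or the token itself if it has none
                chars.append(next((c for c in token if c.isalpha()), token))
        parts.append("".join(chars))
    return ".".join(parts)

def char_classes(password: str) -> set:
    """Which of the four character classes the password uses."""
    classes = set()
    for c in password:
        if c.isupper():
            classes.add("upper")
        elif c.islower():
            classes.add("lower")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

def personal_info_hits(password: str, facts: list) -> list:
    """Personal facts (name, birthday digits, zip code) found inside the
    password, compared case-insensitively."""
    lowered = password.lower()
    return [f for f in facts if len(f) >= 3 and f.lower() in lowered]

PHRASE = "The first house I ever lived in was 613 Fake Street. Rent was $400 per month."
FACTS = ["Doe", "0412", "90028"]  # constructed sample: last name, birthday, zip

if __name__ == "__main__":
    pw = phrase_to_password(PHRASE)
    print(pw, len(pw), sorted(char_classes(pw)))
    print(personal_info_hits("Doe0412#", FACTS))  # last name + birthday pattern
    print(personal_info_hits(pw, FACTS))
```

The last-name-plus-birthday pattern from the video is flagged on two facts, while the phrase-derived password contains none of them.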

There is another way to generate passwords that are strong. The passwords generated in this scheme are 26-character passwords with the first character being the first letter of the English alphabet, the second character being the second letter of the English alphabet, the third character being the third letter of the English alphabet, and so on. In fact, this scheme should have been given in the Jimmy Kimmel video mentioned above. Though all the letters are known, the scheme produces over 67 million possible passwords (67,108,864 to be exact). Read this blog post to learn more. Once someone understands how this scheme works, he or she understands the binomial distribution.

