How to use a dictionary to keep you safe

In light of the recent data breach at the credit reporting company Equifax, which affects one in two adults in the United States, and other security breaches in the last several years, many consumers just want to throw up their hands and give up. Systems that store sensitive personal information seem to get hacked on a regular basis. How do we keep our information safe?

It is true that certain aspects of digital security are out of our hands. But doing one thing will go a long way toward safeguarding our information: using a strong password for each of our online accounts. In addition, do not reuse a password across multiple accounts, and change passwords on a regular basis.

We highlight two ways to create passwords. Using dictionary words to form a password is not commonly recommended. If done right, however, a dictionary such as the following will be a useful tool for creating strong passwords.

Using familiar words or proper nouns is a no-no. People may get lazy and use proper nouns such as their favorite movies or sports teams. Two examples are:

    PirateOfTheCaribbean

    LosAngelesLakers

Hackers may use a prebuilt list of common words and familiar proper nouns to crack such passwords. Such a list may be just 20,000 words long, not long enough to offer security. In this blog post in the All Math Considered blog (a companion blog), we show how to randomly select 5 words in the dictionary shown above. The following is the example demonstrated in that blog post.

    idioticwideopenevulsionpinheadtheodolite

The above example is a 41-character password. How much better are such passwords? The dictionary in question has about 65,000 words. There would be over 1 septillion 5-word strings that can be formed out of this dictionary. One septillion is 1 trillion times 1 trillion. If a computer or a network of computers can check 1,000 of the 1 septillion possibilities per second, it would take over 1 million years to exhaust all the possibilities. So a brute force attack is not a feasible approach. The hacker will have to find other ways. In this case, the safety of large numbers is on your side.

Remember, for dictionary words to work as passwords, the words must be randomly chosen. See this blog post to see how to select words at random.
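The random selection and the counting argument above, as an added example that is not from the original post or the companion blog: it draws words with Python's `secrets` module (a cryptographically secure random source) and reproduces the search-space figures for a 65,000-word dictionary. The short word list is constructed for illustration and the function names are this example's own.

```python
import math
import secrets

# Constructed sample list for illustration only. The dictionary in the post
# has about 65,000 entries; substitute any large word list.
SAMPLE_WORDS = ["idiotic", "wideopen", "evulsion", "pinhead", "theodolite",
                "marble", "quince", "lantern", "oxbow", "thimble"]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pick_words(words, count=5):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate entries would bias the selection")
    return [secrets.choice(words) for _ in range(count)]


def search_space(dictionary_size, count):
    """Number of equally likely strings: size ** count (repeats allowed)."""
    return dictionary_size ** count


def entropy_bits(dictionary_size, count):
    """Bits of entropy when every word is chosen uniformly at random."""
    return count * math.log2(dictionary_size)


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guessing rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("passphrase:", "".join(pick_words(SAMPLE_WORDS)))
    space = search_space(65_000, 5)
    print(f"5 words from 65,000: {space:.3e} strings, "
          f"{entropy_bits(65_000, 5):.1f} bits")
    print(f"years at 1,000 guesses/s: {years_to_exhaust(space, 1_000):.3e}")
    # One entry from a 20,000-word list of common names is gone in seconds.
    secs = years_to_exhaust(20_000, 1_000) * SECONDS_PER_YEAR
    print(f"one pick from a 20,000-word list: {secs:.0f} seconds")
```

The strength comes entirely from the uniform random draw: the same five words chosen by a person because they are memorable do not get the benefit of this count.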

Another approach is to use a sentence or sentences that are memorable. Then use the first letter from each word. For example,

    MfmiPoTCaIaadhLALf

The above string is taken from the first letters of the sentence “My favorite movie is Pirate of the Caribbean and I am a die hard LA Lakers fan”. So the same two familiar proper nouns mentioned above can be turned into a memorable phrase for a strong password. See the discussion in this blog post in the companion blog called Talking about Numbers.

Daniel Ma

© 2017 – Dan Ma

Jimmy Kimmel Asks People Their Passwords

On Friday Jimmy Kimmel asked people passing by the theater where his show is taped for their Internet passwords (see the YouTube video below). This is part entertainment and part public service, timed to coincide with the data breach at Equifax that was reported two days ago.

A huge security breach at credit reporting company Equifax has exposed sensitive information, such as date of birth, Social Security numbers and addresses and in some cases driver license numbers, of up to 143 million Americans. The data breach is among the worst in U.S. history. The number of people affected is well over half of the adult population in the United States. According to Equifax, the data breach happened between mid-May and July. The hack was discovered on July 29, but Equifax did not inform the public until September 7.

The first person in the video was asked, “We are talking to people about the cyber-security breach at Equifax, and in light of that, we’re asking people how secure their Internet passwords are. What do you use for an internet password?” Without hesitation, the young man responded, “Um, I usually stick to my last name. That’s probably not the best thing to do, but usually it’s my last name, a few digits, um, maybe like a hashtag or something.” The interviewer then asked what his last name is. The young man readily gave out the last name. The interviewer even spelled out the last name for him to confirm. The young man also confirmed, when asked, that the digits that go with the last name are his birthday.

The video is funny. I am amazed at the laziness and carelessness of the people in the video. First of all, the same password should not be used across multiple accounts. A password certainly should not consist of the name of the person with a few digits such as date of birth or the zip code. Everyone in the video is using the same type of passwords. Of course, it could just be a “manipulated” sample (it only includes password stories that have entertainment value).

The same stunt was done previously after the data hack at Sony two years earlier (see the YouTube video below).

There are various strategies one can use to create strong passwords that are easy (or easier) to keep track of. For example, come up with a memorable phrase and the password would be created from using the first letter in each word. Example: The first house I ever lived in was 613 Fake Street. Rent was $400 per month. The resulting password is

    TfhIeliw613FS.Rw$400pm

(example found here). This is a 22-character password that is based on a memorable phrase consisting of two sentences. The beauty is that the password has upper case and lower case letters, numeric characters and special symbols. It is arranged in such a way that people not in the know cannot guess it easily. Of course, you who know the memorable phrase can remember it. The same password should not be reused for other accounts (don’t be lazy). So come up with a memorable phrase for each account.

There is another way to generate passwords that are strong. The passwords generated in this scheme are 26-character passwords in which the first character is the first letter of the English alphabet, the second character is the second letter, the third character is the third letter, and so on. In fact, this should be given in the Jimmy Kimmel video mentioned above. Though all the letters are known, the scheme produces over 67 million possible passwords (67,108,864 to be exact). Read this blog post to learn more. Once someone understands how this scheme works, he or she understands the binomial distribution.


Powerball and the lottery curse

The recent winner of the Powerball jackpot is Mavis Wanczyk, a hospital worker from Chicopee, Massachusetts.

The Largest Undivided Lottery Jackpot in North American History

The drawing was on 8/23/2017 and the winning numbers are 6, 7, 16, 23, 26, and Powerball number 4. The size of the jackpot was $758.7 million, the largest undivided lottery jackpot in North American history. Instead of having the winnings paid out over a 30-year period (the annuity option), Wanczyk took a lump-sum payment of $480 million and took home $336 million after taxes. This recent win has been widely reported. Here are one instance and another instance of reporting.

We wish Ms. Wanczyk well, hoping that she will manage the unexpected windfall in ways that add to her happiness. For lottery winners of giant jackpots, sometimes the winning is the easy part. Google “the curse of the lottery” and you will see plenty of stories of lottery winners who lost big – marriages breaking up, going bankrupt, getting robbed, being swindled and in some cases committing suicide or being murdered.

In some states, by law the lottery winners must make public appearances holding a giant publicity check in front of the cameras. In the states that have no such requirements, where the public appearances are voluntary, wise winners would skip any photo ops (their identity would still be revealed) and head immediately to an undisclosed location. They know that plenty of slings and arrows (in some cases bullets) would come their way – from swindlers, fraudsters and robbers as well as from long-lost friends and relatives who want to share the wealth. Just like one famous line in the movie Forrest Gump, “Run, Forrest, run!” That would be the best advice for a winner of a giant and sudden windfall of cash. Of course, it is also important to hire a reputable and trustworthy financial adviser.

Sudden windfall cash usually does not last long. About 70 percent of the time, the cash will be gone in a few years, according to the National Endowment for Financial Education (see this piece from time.com).

The Time piece also mentions several stories of lottery winnings gone wrong. One winner mentioned is Abraham Shakespeare, who won a $30 million jackpot in Florida. He told his brother, “I’d have been better off broke.” Shakespeare (the lottery winner) has his own page in Wikipedia. His eventual fate: he was murdered by a swindler named Dee-Dee Moore 3 years after winning the big prize. The Wikipedia page of Abraham Shakespeare is more like a posthumous monument to his notoriety as a murdered lottery winner than a page highlighting achievements.

The Time piece also mentions a “success” story. Richard Lustig is a 65-year-old Florida man who is a seven-time lottery game grand-prize winner. He had the wisdom of hiring a good financial planner and a good accountant. With the right mindset and the foresight of financial planning, he and his family are enjoying the good life made possible by the lottery winnings two decades earlier.

Shakespeare and Lustig are at two opposite extremes of post-lottery-winning experiences. In between these two extremes, there are plenty of nightmarish stories, most of them ending in poverty, some in drug addiction (stories are here and here).

The Google search for “the curse of the lottery” turns up plenty of advice too. Here’s a piece from Forbes. Another article is a piece from Wired. The piece from Lotto Report has sad stories and other information that can shed more light on the lottery curse. Here’s the home page of the Lotto Report.

As horrendous as some of the lottery curse stories are, the odds of incurring such a fate are extremely low. The odds of winning the Mega Millions jackpot are 1 in over 175 million (see here for the calculation). The odds of winning the Powerball jackpot are one in over 292 million (see here for the calculation). The odds of being struck by lightning are 1 in 700,000 according to a piece from National Geographic (significantly below 1 in a million odds). The odds of a lightning strike would be more similar to the odds of winning the jackpot in a smaller lottery, e.g. Fantasy 5 in California Lottery (1 in 575,757).

Of course, the longer the odds, the larger the potential jackpot. In fact, some of the most viewed articles in a companion blog called Talking about Numbers are about lotteries. The articles deal with California Lottery. But the ideas and observations would apply to other lotteries as well.

One way to calculate the odds of winning the top prize in a lottery is through math (done here for various games in California Lottery and here for Powerball). Another way is to look at data.

In this piece in Talking about Numbers, I showed that there are only 257 winning tickets with payouts of $1 million or more in the 26-year period from 1985 (the founding of California Lottery) to August 2011, averaging 10 “$1 million plus” winning tickets a year. Of these 257 winning tickets, 247 are in the first 25 years and 10 in the last year.

Naturally, I would like to update the study, but California Lottery has since made it hard to gather the data on their website. But the essential fact remains the same. There are on average about 10 winning tickets a year that pay out $1 million or more. These 257 winning tickets are out of over 9 billion purchased tickets! This means the odds of winning a “million dollar plus” prize in California Lottery are about one in 36 million (calculated here).

Of course, California Lottery will try their best to give the impression that winning is more commonplace. Lottery authorities are in the business of selling tickets. They do not want to provide a picture reflecting the true odds of winning big. The odds of 1 in 36 million are much better odds than the Powerball odds for sure. But the prizes are not as mega as Powerball (the average of 247 winning tickets from 1985 to 2010 for California Lottery is $18 million).

This piece has more information on the study. Here’s another frequently viewed post on lottery topics.
