July 18, 2003
Quick: To the Bat-Computer!
Microsoft has an interesting article up about using inkblots as a way to generate strong passwords (if your password contains, anywhere in it, “Rex” or “Go49ers”, it is not considered strong) for people who would otherwise not pick good passwords.
The idea is that you look at a series of inkblots and think of what each one is. Then you take the first and last letters of each phrase, string ’em together, and you’ve got a password. Evidently, everyone comes up with different phrases, and the associations are strong enough that when shown the pictures again, people will remember them.
It’s a cool idea, but I have discovered a fatal flaw. The pictures they use are supposed to be vague enough that there’s no obvious answer. They failed, though.
This is clearly Batman wearing a tutu, thus undermining the efficacy of the last two letters in the password. No matter the phrase someone would choose (“Batman in a tutu,” “Batman wears a tutu,” “Batman wearing a tutu”), the outcome is the same.
So, remember, set your password crackers to guess .*bu
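To make the flaw measurable, here is an added example (my own code, not from the Microsoft article or this post) that derives the first-and-last-letter password from a list of phrases and scores how predictable one blot's letter pair is across a constructed set of sample interpretations; the phrases for the second, ambiguous blot are invented for illustration.

```python
"""Inkblot-password derivation plus a per-blot predictability check.
Added example; phrases other than the three Batman ones are constructed."""
from collections import Counter
from math import log2


def letter_pair(phrase: str) -> str:
    """First and last alphabetic characters of a phrase, lower-cased."""
    letters = [c.lower() for c in phrase if c.isalpha()]
    if not letters:
        raise ValueError("phrase contains no letters")
    return letters[0] + letters[-1]


def inkblot_password(phrases):
    """Concatenate each blot's letter pair, in the order the blots are shown."""
    return "".join(letter_pair(p) for p in phrases)


def pair_entropy_bits(interpretations):
    """Shannon entropy (bits) of the letter pair over sample interpretations
    of one blot. 0 bits means every interpretation yields the same pair, so
    a guesser loses nothing by fixing those two characters."""
    counts = Counter(letter_pair(p) for p in interpretations)
    total = sum(counts.values())
    return -sum(n / total * log2(n / total) for n in counts.values())


# The three phrasings from the post: all collapse to "bu".
BATMAN_PHRASES = ["Batman in a tutu", "Batman wears a tutu", "Batman wearing a tutu"]

# Constructed interpretations of a genuinely ambiguous blot.
AMBIGUOUS_PHRASES = ["two dancers", "a moth", "a butterfly", "spilled ink"]

if __name__ == "__main__":
    print(inkblot_password(["Batman in a tutu"]))        # bu
    print(pair_entropy_bits(BATMAN_PHRASES))              # 0.0
    print(pair_entropy_bits(AMBIGUOUS_PHRASES))           # 2.0
```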