this post was submitted on 26 May 2024
454 points (95.6% liked)

Technology

59414 readers
3109 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

These are 17 of the worst, most cringeworthy Google AI overview answers:

  1. Eating Boogers Boosts the Immune System?
  2. Use Your Name and Birthday for a Memorable Password
  3. Training Data is Fair Use
  4. Wrong Motherboard
  5. Which USB is Fastest?
  6. Home Remedies for Appendicitis
  7. Can I Use Gasoline in a Recipe?
  8. Glue Your Cheese to the Pizza
  9. How Many Rocks to Eat
  10. Health Benefits of Tobacco or Chewing Tobacco
  11. Benefits of Nuclear War, Human Sacrifice and Infanticide
  12. Pros and Cons of Smacking a Child
  13. Which Religion is More Violent?
  14. How Old is Gen D?
  15. Which Presidents Graduated from UW?
  16. How Many Muslim Presidents Has the U.S. Had?
  17. How to Type 500 WPM
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 5 months ago* (last edited 5 months ago) (14 children)

For people who have a really hard time with #2 (memorable passwords), here's a trick to make good passwords that are easy to remember but hard to guess.

  1. Pick some quote (prose, lyrics, poetry, whatever) with 8~20 words or so. Which one is up to you, just make sure that you know it by heart. Example: "Look on my Works, ye Mighty, and despair!" (That's from Ozymandias)
  2. Pick the first letter of each word in that quote, and the punctuation. Keep capitalisation as in the original. Example: "LomW,yM,ad!"
  3. Sub a few letters with similar-looking symbols and numbers. Like, "E" becomes "3", "P" becomes "?", you know. Example: "L0mW,y3,@d!" (see what I did there with M→3? Don't be too obvious.)

Done. If you know the quote and the substitution rules you can regenerate the password, but it'll take a few trillion years to crack something like this.

  1. Home Remedies for Appendicitis // If you’ve ever had appendicitis, you know that it’s a condition that requires immediate medical attention, usually in the form of emergency surgery at the hospital. But when I asked “how to treat appendix pain at home,” it advised me to boil mint leaves and have a high-fiber diet.

That's an issue with the way that LLM associate words with each other:

  • mint tea is rather good for indigestion. Appendicitis → abdominal pain → indigestion, are you noticing the pattern?
  • high-fibre diet reduces cramps, at least for me. Same deal: appendicitis → abdominal pain → cramps.

(As the article says, if you ever get appendicitis, GET TO A BLOODY DOCTOR. NOW.)


And as someone said in a comment, in another thread, quoting yet another user: for each of those shitty results that you see being ridiculed online, Google is outputting 5, 10, or perhaps 100 wrong answers that exactly one person will see, and take as incontestable truth.

[–] [email protected] 18 points 5 months ago* (last edited 5 months ago) (11 children)

Steps 2 and 3 of your method already make it way too hard to remember

Just pick like 6 random, unconnected, reasonably uncommon words and make that your entire password

Capitalize the first letter and stick a 1 at the end

The average English speaker has about 20k words in their active vocab, so if you run the numbers there's more entropy in that than in your 11 character suggestion.

Alternatively use your method but deliberately misquote it slightly and then just keep it in its full form.

[–] [email protected] -1 points 5 months ago* (last edited 5 months ago) (4 children)

TL;DR: your statements are incorrect and you're being assumptive.

Steps 2 and 3 of your method already make it way too hard to remember

Step 2 is "hard"? Seriously??? It boils down to "first letter of each word, as it's written, plus punctuation".

Regarding step 3, I'll clarify further near the end.

Just pick like 6 random, unconnected, reasonably uncommon words and make that your entire password

That's a variation of the "correct horse battery staple" method. It works with some caveats:

  1. Your method does not scale well at all. If you try to harden it further, by using more words, you hit Miller's Law. My method however scales considerably better because there's some underlying meaning (for you) on what you're using to extend the password further.
  2. Even in English, a language that typically uses short words, your method requires ~30 characters per password. Larger and less dense passwords are actually an issue because some systems have a max password size, like Lemmy (60chars max). My method however uses less characters to output the same amount of entropy.
  3. The least common the word, the more useful for a password, and yet the harder to remember. With synonyms and near-synonyms making it even harder. Typically less common words are also longer, making #2 even more problematic.

The average English speaker has about 20k words in their active vocab, so if you run the numbers there’s more entropy in that than in your 11 character suggestion.

I'll interpret your arbitrary/"random" restriction to English as being a poorly conveyed example. Regardless.

The suggestion is the procedure. The 11 characters password is not the suggestion, but an example, clearly tagged as such. You can easily apply this method to a longer string, and you'll accordingly get a larger password with more entropy, it's a no-brainer.

For further detail, here's the actual maths.

  • Your method: 20k states/word (as you specified English). log₂(20k) = 14.3 bits of entropy. For six words, as you suggested, 86 bits. The "capitalise the first" and "add 1 to the end" rules do nothing, since systematic changes don't raise entropy.
  • My method: at least 70 states/char (26 capital letters, 26 minuscule letters, 10 digits, ~8 punctuation marks); log₂(70)=6.1. Outputs the same entropy as yours after 14 chars or so.

Now, regarding step #3. It does increase a little the amount of entropy. But the main reason that it's there is another - plenty systems refuse passwords that don't contain numbers, and some even catch on your "add 1 to the end" trick.

EDIT: I did a major rewording of this comment, fixing the maths and reasoning. I'm also trying to be less verbose.

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

Step 2 is “hard”? Seriously???

I don't know how you're meant to remember that "Works" and "Mighty" are capitalized

In most other quotes, the only capitalization occurs once at the start, so it doesn't add any meaningful entropy.

If you try to harden it further, by using more words

Yours doesn't scale due to step 3.

On the other hand, much like battery staple, it's pretty easy to make up a visual or story in your head to connect the words.

Also, why would you need to scale this past 6 words? At that point it's already more likely that your password is compromised via a keylogger or similar than anything else.

Even in English, a language that typically uses short words, your method requires ~30 characters per password.

I'll accept this as a downside of the method, but honestly a website that limits your password character length to under 30 is probably doing some other weird shit that isn't good.

Also, the only time you should really be using this method is if for some reason you don't want to use a password manager. Not many scenarios like that that also limit characters.

yet the harder to remember

I feel like the exact opposite is true? Pretty easy to remember "defenestrate". Much easier than remembering which m turns into a 3 in your method.

The 11 characters password is not the suggestion, but an example,

I'm aware how examples work. It's 11 characters long and already too hard to remember.

[–] [email protected] -2 points 5 months ago (1 children)

I don’t know how you’re meant to remember that “Works” and “Mighty” are capitalized

Refer to step 1, please: pick a quote that you know by heart. And you're still confusing the example with what it exemplifies.

At this rate it's rather clear that you're unable to parse simple sentences, and can be safely ignored as noise.

[–] [email protected] 4 points 5 months ago

pick a quote that you know by heart

so step 1 is actually "learn a long, obscure quote by heart" because obviously it can't be a common quote or it completely breaks the method, and the only quotes you're likely to know are common

you're right this is so easy

you’re still confusing the example with what it exemplifies.

In most other quotes, the only capitalization occurs once at the start, so it doesn't add any meaningful entropy.

At this rate it’s rather clear that you’re unable to parse simple sentences,

somebody's a little spicy over the fact that they gave terrible advice :(

load more comments (2 replies)
load more comments (8 replies)
load more comments (10 replies)