Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.

CLIFFORD STOLL

Passwords

'Cryptography' is the science of writing codes; 'cryptanalysis' is the business of cracking them.

America's Worst-Kept Secret 



Between 1960 and 1977 the secret code allowing US Presidents to launch nuclear missiles was 00000000.
 
The code, or PAL (Permissive Action Link), was introduced by President Kennedy in 1960 to prevent unauthorised launching of nuclear missiles. The correct code had to be dialled into each missile before it could be armed. Crews in missile silos also had a dual key arrangement so that one man could not launch them alone. This failsafe was applied to the 1,000-strong force of long-range Minuteman missiles, which had been introduced during the Cuban Missile Crisis of 1960 and which remained the backbone of the US strategic deterrent until the 1970s.
 
What nobody told either the President or Robert McNamara, the Defence Secretary under both Kennedy and Johnson, was that the generals at Strategic Air Command in Omaha had decided that the risk of forgetting the codes was much higher than the risk of an unauthorised launch. So they picked a code that everyone knew. The ‘secret’ unlock codes were finally upgraded in 1977, but only after a long campaign by former air force staff and US congressmen pointing out the potential terrorist threat of leaving the missile launch procedure so open. McNamara himself only learnt of this deception in 2004 when advised by a former member of the Minuteman firing crew. He was appalled: ‘I am shocked, absolutely shocked and outraged. Who the hell authorized that?’
 
And just in case this leaves any Brits feeling smug, we didn’t have any protective codes at all. Papers released in 2007 showed that the WE 177 nuclear warhead, which Tornado and earlier V-bomber crews trained with, was armed using a simple device that resembled a bicycle lock key. To arm the weapons you removed two screws from a panel (like a battery cover on a TV remote).
 
Removing the screws revealed a sequence of dials on which you used a standard Allen key to select how the weapon would be deployed – high yield or low yield, airburst or groundburst, and so on. To complete the procedure, the bomb was armed by inserting a bicycle lock key into the arming switch and turning it through 90 degrees. There was no code and no dual key system. Staggeringly, these weapons were in active service until 1998.

GEORGE BERNARD SHAW (1856-1950)

There are no secrets better kept than the secrets that everybody guesses.

Remembering Passwords


If, as security experts recommend, we need a unique, strong password for nearly everything we do online, how can we remember them all?
 
Several years ago, the conventional wisdom was to never write down passwords — but that was when most of us only had a few to remember. Some experts have since changed their minds. Says one: 'The probability of someone breaking into your house and stealing your written-down passwords is considerably more remote than the 1-in-3 to 1-in-4 probability that your computer will fall to a criminal’s malware'.
 
Password cracking software generally uses a huge dictionary of possibilities, which it tries one after another, so the key precaution is not to use an actual word as your password, which is why many sites require the use of numbers and capitals.
 
However, if you know the site you're trying to hack into insists that users must use at least one capital letter, then you can immediately throw out all the words that are all lower case. Likewise, if you're required to use at least one number, you can throw out all the words with only letters in them. Finally, if you know that the password must be at least six characters, then you can throw out all those words that have fewer than six characters in them. So there’s a counter-productive aspect to these 'security' measures: they actually reduce the number of strings that the cracker has to check, arguably making their job easier. The merit of these rules, though, is that they do force you to use a password which cannot be found simply by trawling through a standard dictionary.
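The counting behind that argument, carried through as an added example that is not part of the original page. It assumes passwords drawn only from the 62 ASCII letters and digits and a maximum length of eight characters; the function names and the tiny test alphabet are constructed for illustration.

```python
from itertools import product

def count_compliant(length, lower=26, upper=26, digits=10,
                    need_upper=True, need_digit=True):
    """Number of strings of exactly `length` characters that satisfy the rules."""
    n = lower + upper + digits
    count = n ** length
    if need_upper:
        count -= (n - upper) ** length           # strings with no capital
    if need_digit:
        count -= (n - digits) ** length          # strings with no digit
    if need_upper and need_digit:
        count += (n - upper - digits) ** length  # all-lowercase, removed twice above
    return count

def count_by_enumeration(length, lower_chars, upper_chars, digit_chars):
    """Cross-check on a tiny constructed alphabet by listing every string."""
    alphabet = lower_chars + upper_chars + digit_chars
    hits = 0
    for chars in product(alphabet, repeat=length):
        has_upper = any(c in upper_chars for c in chars)
        has_digit = any(c in digit_chars for c in chars)
        if has_upper and has_digit:
            hits += 1
    return hits

def policy_summary(min_length=6, max_length=8):
    """Compare every string of up to max_length with those the policy allows.

    max_length=8 is an assumption made for this example, not a figure from the page.
    """
    everything = sum(62 ** k for k in range(1, max_length + 1))
    allowed = sum(count_compliant(k) for k in range(min_length, max_length + 1))
    return everything, allowed, 1 - allowed / everything

if __name__ == "__main__":
    everything, allowed, ruled_out = policy_summary()
    print(f"all strings of 1-8 characters: {everything:,}")
    print(f"strings the policy allows:     {allowed:,}")
    print(f"share ruled out by the policy: {ruled_out:.1%}")
```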

Sunbeam, Nougat, Toggle and Teapot were all codenames for nuclear explosions in Nevada in the 1950s and 60s.

During the Second World War, the British Army in Burma concealed information by communicating in Welsh.

CARDINAL RICHELIEU (1585-1642)

Secrecy is the first essential in affairs of state.