Thursday, June 5, 2014
Password dress: A frock covered in security faux pas
How weak are your passwords? See if they show up on this unique dress designed to clue the world in to a multitude of common bad passwords.
Want to know which passwords not to use? Take a look at Lorrie Faith Cranor's password dress, swathed in some of the most common passwords around. There's "lovely," "friends," "qwerty," "playboy," "tinkerbell," and "spongebob" (yup, spongebob). The ever-popular "password" and "123456" didn't make the tailor's cut.
Cranor, a professor of computer science at Carnegie Mellon University, sewed her dress from original "bad password fabric" culled from her research group's extensive exploration of the security and usability of text passwords. The brightly colored frock's like a walking cautionary tale.
Cranor crafted the password dress last year to go along with her similarly conceived Security Blanket quilt, but has lately been spotted wearing it out to industry events. The most recent sighting came Thursday at the Privacy Law Scholars Conference in Washington, D.C., where author Julia Angwin snapped this shot.
The crafty professor made her own dress pattern by tracing a store-bought dress that fit her well, and had the polyester knit fabric printed at Spoonflower, a company that lets creatives design, print, and sell their own fabric, gift wrap, and the like. "The profanity is mostly on the back," Cranor tells Crave of the garment.
Early this year, security-focused developer SplashData released its most recent list of the worst online passwords, a testament to the fact that many people still use simple, hackable passwords despite repeated stories of mass hacks and warnings to build stronger personal defenses.
For those who would like to wear weak passwords themselves -- or hang them from windows or rest their heads on them -- Cranor sells a few versions of purple bad password fabric by the yard at Spoonflower. Which is kind of meta, since according to the dress, "purple" is one of the bad passwords.
By: Leslie Katz (CNET)