Perfect Passwords: Selection, Protection, Authentication

alighting from his beast, he tied it up to a tree, and going to the entrance, pronounced the words which he had not forgotten, Open, Sesame!? Hereat, as was its wont, the door flew open, and entering thereby he saw the goods and hoard of gold and silver untouched and lying as he had left them.
Arabian Nights, The Forty Thieves
My fascination with security began perhaps a decade ago when I took my first job with the official title of software developer. I had written code casually for years, but this was the first time someone paid me to do it. I was a corporate employee. I wrote code all day. I had a network account that I logged in to every morning. Like almost everyone else at the company, I had a weak password that I swapped every three months with another weak password.
I had been interested in various aspects of security for a long time, but information at that time was scarce. Back then, you couldn t just search on Google for something; you found the good information by navigating an endless pathway of hyperlinks from one Web site to the next. The information that I did find was often obsolete, unreliable, or limited in context; thus, I was left unsatisfied.
Nevertheless, I studied everything I could find during any spare minute I had. After I read and reread stacks of printouts, they slowly started to make sense to me. Although I was merely...