
Fastwords - the future in mobile authentication - mcobrien
http://www.fastword.me/
======
Mitt
Fastwords are unsafe. The alphabet has a size of 64.000 symbols (= words), and
people will use 3-4 of them. For 3 words there are just 262.144.000.000.000
different combinations to try. Renting a cluster of 30.000 machines for one
hour costs less than 2k dollars. With such an attack you can try 5 trillion
combinations per minute, which makes just max 52 minutes to crack such a
password.

Mobile security can be achieved with LastPass for example, a password manager.
This can generate a password for you that is 20 chars long, with an alphabet
of more than 70 symbols. If we assume 70 symbols and just 10 of those in a
password, then we already have 2.824.752.490.000.000.000 combinations, which
is 10.775 times more secure than the fastwords example. So instead of cracking
one hour, with a good 10 char password that includes symbols, uppercase and
lowercase and digits, it would take around 416 days to crack a short mobile
password, and it would cost millions.

