Is my password still the best password?

5th August 2016

At Foreign Tongues Translation we take security very seriously.

NDAs and data security, covering translation project files, client translation glossaries and linguist details, as well as the physical security of our translation file servers, are paramount – as they should be! But security is only as strong as its weakest link, so what about user passwords, and does translation relate in any way?

A recent conversation with a colleague brought up this very subject. Namely, what’s the latest buzz on password length and complexity? If we take the Microsoft example as a guideline, they suggest a pretty decent way of creating a password:

Start with a sentence – Foreign Tongues
Remove Spaces – ForeignTongues
Misspell some words – ForrinTonguez
Then add some numbers – F0rr1nTongue2

Using the above method you should, in theory, have a strong, complex password that’s hopefully fairly easy to remember.

Realistically though, what are the chances of someone trying to force your password? Despite the media hysteria, the main source of identity theft is actually the theft of someone’s purse or wallet. Identity theft via computers is usually done by thieves creating a fake webpage that imitates eBay, PayPal or a banking website, where unsuspecting users enter their information voluntarily, albeit unknowingly.

Getting back to passwords though, if the security agencies of the world decided that they wanted your information, I doubt there’s very much you could do about it. But what about the more casual attacker? Many password utilities use what’s known as a dictionary attack, whereby a list containing any number of words is tried, one by one, against your login. One of the more popular password lists, RockYou – named after the website that the list was stolen from – can be found here (warning, it’s a 57MB download). Looking through this list of approximately 14 million passwords, it struck me that the large majority of common passwords were English words, numbers, or a combination of the two. So can we use some simple linguistics to outfox the attackers?

So, let’s try my password! OK, maybe not ‘my password!’ itself, but the Spanish translation – ‘Mi contraseña!’
A search confirms ‘micontraseña!’ isn’t there. Maybe it’s the 14,000,001st most common password but the important thing is, it’s not on this list, and so as far as the dictionary attack goes, that password wouldn’t have been guessed. It’s also long enough for cracking software to take a very long time to break. Now I know password attacks can be far more complicated, involving brute force, hashes and rainbow tables, to name but a few techniques, but it’s the list itself that interests me …
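The list lookup described above, combined with the substitutions from the Microsoft-style recipe, as an added example that is not from the original post: a blocklist check a defender could run when a password is set. The word list is a small constructed sample, and the function names and the substitution table are assumptions.

```python
import unicodedata

# Constructed sample blocklist for illustration; not taken from any real leaked list.
SAMPLE_BLOCKLIST = {"password", "mypassword", "letmein",
                    "foreigntongues", "micontrasena"}

# Assumed table of common digit/symbol-for-letter swaps, reversed.
LEET = str.maketrans({"0": "o", "1": "i", "2": "z", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def strip_accents(text):
    """Decompose accented letters and drop the combining marks (ñ -> n)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def variants(password):
    """Yield (stage, form) pairs, from the exact string to the most normalized."""
    exact = unicodedata.normalize("NFC", password)  # one byte form for ñ
    yield "exact", exact
    folded = exact.casefold().replace(" ", "")
    yield "casefold", folded
    plain = strip_accents(folded)
    yield "no-accents", plain
    yield "no-punctuation", "".join(ch for ch in plain if ch.isalnum())
    unleet = plain.translate(LEET)
    yield "leet-reversed", "".join(ch for ch in unleet if ch.isalpha())


def check_password(password, blocklist=SAMPLE_BLOCKLIST):
    """Return the first normalization stage that hits the blocklist, or None."""
    for stage, form in variants(password):
        if form in blocklist:
            return stage
    return None


if __name__ == "__main__":
    for candidate in ("Mi contraseña!", "F0rr1nTongue2", "F0re1gnT0ngue5"):
        print(candidate, "->", check_password(candidate))
```

An exact-string search misses ‘Mi contraseña!’ here, but the same phrase without accent, space and punctuation matches the sample entry, so a blocklist check is only as good as the normalization it applies and the languages its list covers.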

Do businesses think like the attackers mentioned above? If the potential victim, or a potential client in the business sense, is in an English-speaking region, do they bother using any language other than English?

To me, the answer is obvious in both cases – in order to effectively target the people you want, you have to engage them in their own language. For businesses, this could be something as simple as a custom landing page for Asian and/or European markets, or promotional emails tailored to each country. Even starting small, you should start to see your international audience take notice.

For further information or a translation quote for your new project, contact Foreign Tongues Translation and we’ll help you get started.
