Belittling other people is a strategy.
Criticizing other people is a strategy.
Pointing out other people’s weaknesses is a strategy.

A strategy to elevate one’s own work.
A strategy to avoid change and to save one’s own job.

Is it a good strategy?
I don’t know. It depends on your goals.

Does it work as a strategy? Hell yeah!
Will it help to push things forward in general?
Sometimes. But most of the time it won’t.
Most of the time it just kills creativity and innovation at its roots.

Look. Creativity and innovation is an iterative process.
Nothing or no one is perfect at anything right away.
And pointing out other people’s weaknesses over and over again won’t help nobody. In most cases.

All it does is that it chokes creativity until there’s no oxygen left for creativity. For innovation.
That’s why so many large corporations are struggling with innovation.
Because there’s constant choking going on everywhere.

And the only person who’s going to benefit from criticizing everyone and everything is the person who’s criticizing everyone and everything…

>>> Yann Girard 2015


 

Ideas come from conversations with real people.
They don’t come from watching Netflix.

Ideas come from reading meaningful books.
Ideas come from building on top of other ideas.
They don’t come from dreaming about „what if.“

Ideas come from reflecting about your day.

Ideas come from exposing yourself to other ideas.
They don’t come when you force them to come.

Ideas come from talking to strangers.

Ideas come from doing things you enjoy doing.

Ideas come from talking to friends.
They don’t come from binge scrolling.

Ideas come from exposing yourself to new things.

Ideas come from experimenting.

Ideas come from experiencing the unknown.
They don’t come from doing things you don’t enjoy doing.

Ideas come from doing the same things, but in many different ways.

Ideas come from combining already existing ideas.
They don’t come from brainstorming about ideas.

Ideas come from giving your brain some time to breathe.

Ideas ultimately come from everything around us. And inside of us…

http://yanngirard.com


 

I am really pleased that my colleague has started to develop material to develop his online presence.  See what you think.

Match Fit Ireland from Paul Clarke on Vimeo.


 


Virtual reality is all about the creation of a virtual world that users can interact with.

Augmented reality is the blending of virtual reality and real life, as developers can create images within applications that blend in with contents in the real world. 

Difference and similarities

Both virtual reality and augmented reality are similar in the goal of immersing the user, though both systems do this in different ways.

With AR, users continue to be in touch with the real world while interacting with virtual objects around them. With VR, the user is isolated from the real world while immersed in a world that is completely fabricated. As it stands, VR might work better for video games and social networking in a virtual environment, such as Second Life, or even PlayStation Home. 

Which technology will succeed?

As it stands, augmented reality is ahead of virtual reality, as there are several products already on the market. We are witnessing the rise of AR hardware devices from Google in the form of Glass, and also plans from Microsoft to launch something similar with its $150 million purchase for wearable computing assets.

On the matter of VR, the technology is just stepping up to the plate. It's still far away from being this great thing for social encounters in a virtual world, but with the rise of the Oculus Rift, it is getting there.

We believe both AR and VR will succeed; however, AR might have more commercial success, because it does not completely take people out of the real world.

 

Entrepreneurship Skills for Growth-Orientated Businesses

 

http://www.oecd.org/cfe/leed/Cooney_entrepreneurship_skills_HGF.pdf

ref: http://www.forbes.com/sites/adrianbridgwater/2015/11/20/box-ceo-why-organizations-need-a-single-content-system/

Web content management is at the most significant inflection point in its 15-year history. It’s now all about the context.

By 2013, Gartner contends, 40% of large companies will have context-aware computing projects on the way. Context is driving content and intelligent customer interactions, delivering Web experiences that will engage site visitors and deliver better business results.

For example, in the case of the mobile Web browsing, the context is that visitors are accessing the Web from a mobile device, usually with a specific task in mind. These visitors don’t need – in most cases don’t want – the same experience presented from a desktop browser or on their iPad.  Not only must Websites be mobile-friendly (meaning they render correctly on a wide range of mobile devices), but the experience also must fit the purpose of the device.

Or consider the difference between a visitor looking at the Hewlett-Packard home page and their viewing an HP product page on Amazon.com. The context is different, and likely so is the visitor’s intention. A visitor may be on the HP site to research products – or to find a job. Amazon visitors are almost certainly shopping.

Context defines a visitor’s Web experience. If a visitor has come to a site through a search, he doesn’t want to click through multiple, slow-loading, hard-to-read pages to find a single piece of information.  If visitors are on your site to make a purchase, it is imperative they experience the same level of checkout/shopping cart convenience that they would in the brick-and-mortar world. If a prospect has arrived on a landing page via an e-mail marketing campaign, Sales and Marketing definitely wants that page to display correctly on any device the prospect is using.

“Delighting customers doesn’t build loyalty,” note the authors of a recent Harvard Business Review article. “Reducing their effort — the work they must do to get their problem solved — does.”  Showing an understanding of the customer and respecting the manner in which they want to interact breeds loyalty.

Context, the Future of Web Content Management

Content management systems have long played an important role in helping companies align their business strategies to the Web. Today, however, the core capabilities of content management have evolved to help global enterprises deliver better business results. Web content management systems are being used to create sites localized for multiple languages with content tailored to meet the unique cultural needs of each country while also enabling these same organizations to publish thousands of daily updates without relying on IT intervention and manual processes. Enterprises are also managing hundreds and sometimes thousands of sites on a single platform, providing significant operational efficiency improvements.

It’s often said that “content is king.” The ability to create high-quality content that attracts, engages, retains and converts visitors is still an important objective for every website. Content is indeed still the heart and soul of every site. But if content is king, context is its queen; and together they will rule the kingdom of audience engagement and of the corporate Web site experience.

Context is the key to providing Web experiences that deliver business results. Context shortens sales cycles and grows revenue. It increases customer engagement and loyalty. Gartner describes this as “Context-Aware Computing,” and defines it as “the concept of leveraging information about the end user to improve the quality of the interaction.” Gartner goes on to note, “Emerging context-enriched services will use location, presence, social attributes and other environmental information to anticipate an end user’s immediate needs, offering more-sophisticated, situation-aware and usable functions.” Software vendors “will begin to integrate multiple contextual components to provide a richer user experience that enables top-line growth as well as workplace efficiencies.”

Sales funnels on corporate Web sites have always been a numbers game; the more leads in, the more hoped-for revenue you get out. The funnel shape represents the substantial number of leads that drop off at each step in the sales process.  But customer engagement need not be a numbers game. Running more campaigns or buying more keywords isn’t always the answer. With context, enterprises can focus more on the quality of each customer interaction, rather than quantity. It lets enterprises do more with each customer interaction, encouraging customer intimacy. Each customer interaction represents a “moment of truth,” and with a competitor’s Web site a click or search query away, the imperative to deliver on the promise of context is crucial.

 

  • 23 October 2015
  • From the section Health

Alzheimer's disease can be detected decades before onset, using a virtual reality test, a study suggests.

People aged 18 to 30 were asked to navigate through a virtual maze to test the function of certain brain cells.

Those with a high genetic risk of Alzheimer's could be identified by their performance, according to German neuroscientists.

The findings could help future research, diagnosis and treatment, they report in the journal Science.

The scientists, led by Lukas Kunz of the German Centre for Neurodegenerative Diseases in Bonn, say the high risk group navigated the maze differently and had reduced functioning of a type of brain cell involved in spatial navigation.

The findings could give an insight into why people with dementia can find navigating the world around them challenging, they say.

"Our results could provide a new basic framework for preclinical research on Alzheimer's disease and may provide a neurocognitive explanation of spatial disorientation in Alzheimer's disease," they report in Science.

[Image: Scan of brain showing Alzheimer's vs normal. Image copyright Alfred Pasieka/Science Photo Library]

Although genes play a role in dementia, their effects are complex with many unknowns.

Dr Laura Phipps of Alzheimer's Research, said the latest study focused on healthy younger people at higher genetic risk of Alzheimer's, suggesting they may already show alterations in spatial navigation several decades before the disease could start.

She added: "Although we don't know whether the young people in this study will go on to develop Alzheimer's, characterising early brain changes associated with genetic risk factors is important to help researchers better understand why some people may be more susceptible to the disease later in life.

"The risk factors for Alzheimer's are diverse, including age, genetics and lifestyle, and research is vital to allow us to unpick how each of these factors could contribute to a person's risk of the disease."

http://www.bbc.com/news/business-34600906

 

 

There's loads of stuff we should be doing - but who has the time and who can be bothered?

Consumer websites and switching services urge us to take the time to do things to save money, but we don't, because we haven't got time, we don't want to learn new passwords, we're daunted by the process, we're worried it will go wrong and, let's be honest, we just can't be bothered.

Here are 10 of those things we know we should do, but don't.

1) Switch bank accounts

The Competition and Market Authority's report into current accounts said that 57% of consumers had had the same current account for more than 10 years, and 37% for more than 20 years.

It bemoans the fact that banks are not being made to work hard enough to keep customers, because of fears that the process will be "complicated, time-consuming and risky".

Even after the Current Account Switch Service was introduced, only 3% of customers switched in 2014.

Of course, it may be that customers are deliriously happy with their current provider, or it may be that they've got better things to do.

2) Read terms and conditions

You know those terms and conditions you get when you download a software update, or register for a website or order something online?

Have you ever read them before you put a tick in the box confirming that you've read them? Of course you haven't - nobody has.

Take the UK terms and conditions for Apple's iTunes, for example. They're 20,000 words long.

That's about a quarter of a decent-length novel and probably considerably less interesting.

It will probably turn out that I'm signing away some key rights or signing up for something dreadful.

I can't tell you for sure, because I just can't be bothered to read them.

3) Answer the landline

Actually, this one is a generational thing.

When the landline rings, it is my mother, my parents-in-law or a company urging me to switch providers (in a way that I can't be bothered to do) or claim payment protection insurance compensation in a way that I cannot do, because I did not take out any PPI.

This happens despite my having signed up for the Telephone Preference Service (although that does not apply to members of my family).

So in fact, I do answer the landline when caller ID tells me who it is. I just can't be bothered to answer when it doesn't give me a number.

With older generations, the opposite is true - my mother only seems to get PPI calls on her mobile and uses the landline all the time.

4) Switch utility providers

Now we all really should be doing this one. And not just gas and electricity, but also home insurance and car insurance and phone and broadband.

Providers make a fortune from bumping up your premiums when it's time to renew and hoping you won't notice and can't be bothered to switch.

Here's an idea - call your existing provider and ask if they can do any better. Vaguely suggest that you're considering switching, even though we all know you can't be bothered.

Then, often you'll get a better deal without having to switch.

This works particularly well with gas and electricity providers, which bring in new tariffs all the time, so the last one you bothered to check up on is almost certainly uncompetitive.

5) Book train tickets in a clever way

This is a story that crops up on consumer sites every now and then.

It turns out that if you're going on a long journey - and instead of booking a ticket that goes all the way, you buy one ticket that goes a bit of the way and another that goes the rest of the way - you can save some money.

Although presumably, in order to find the cheapest deal, you'd have to try it out with every station between home and your destination.

I'm not proud that I can't be bothered to do this. I salute anybody who can - well done you!

6) Open the mail

Getting things in the post is a bit like answering the landline - it's a generational thing.

Obviously I open anything with handwriting on the front - I'm not heartless.

But what about printed envelopes? I do still get some bills through the post, but most of them are also available online and if I really needed them, I could just print another.

There are crucial exceptions to this. Recently I had to prove my address to the council, which asked me to send them my council tax bill.

Now, it seems to me that there is something wrong with the council asking to see my council tax bill - it sent the bill to me and I've been paying it every month. Is that not proof enough?

But no, it turns out that even though I can get an online account that allows me to check when my next council tax payment is due, how much it will be and when the bins are going to be emptied, it won't let me print out the council tax bill.

So I had to spend an hour with my slightly questionable filing system trying to find the bill. So I could send it to the council.

7) Finish this list

Seriously, has anyone bothered to read this far?

You've got better things to do.

Go and switch bank accounts.

http://www.bbc.com/news/technology-34614245

Almost every large company is being bombarded with cyber-attacks all day, every day.

About one million new malicious programs are created every day, according to security firm Symantec. That is a lot to defend against - and that does not include the many other ways attackers try to get at their targets.

Some attacks are crude and are easy to defend against. Others are more cunning and try to trick people into opening booby-trapped email messages. The most dangerous attacks exploit security holes that most people have not discovered yet in widely-used software.

 

Surely companies have defences that can stop attacks?

On average companies use 75 separate cyber-defence systems to police their networks. However, these systems can deliver an overwhelming number of alerts and warnings to security staff.

Worse still, it is often hard for companies to correlate the information provided by each separate system, says Darren Thomson, European technology boss at security firm Symantec. This can mean security teams spend time chasing false positives or problems that look serious but are not the current biggest threat they face.

And technology cannot always help if somebody in an organisation opens a booby-trapped attachment on a phishing email.

Many attackers are increasingly exploiting human frailty because cyber-defences seem to have improved far faster than people.

And even the best security is weakened if a company insider decides to betray their employer.

 

What happened to TalkTalk?

Details are scant but it looks like there were two elements to the breach.

The first was a distributed denial of service (DDoS) that tried to knock over TalkTalk's servers by hitting them with lots of data.

There are hundreds if not thousands of these kinds of attacks every day, says Roland Dobbins from Arbor Networks, a company that helps firms block the massive data flows.

These attacks simply try to knock sites offline. Often, says Mr Dobbins, they can be used as a smokescreen to distract security staff from other activity. Other groups have used them to steal cash or data.

The DDoS assault on TalkTalk seems to have been accompanied by another attack which sought to get at its customer database. That is why the company has warned that personal information might have been accessed.

But TalkTalk has been hit three times...

Many companies now prepare for the day they will be breached rather than expect technology to keep them safe and secure all the time.

Often attackers can get into a corporate network using stolen staff credentials but that just gets them a foothold. From there they need to explore, expand and gather network privileges that help them get at the data they really want to steal.

The length of time it can take to realise that a breach has taken place gives attackers a long time to bed in, explore and escalate their access. Companies are getting better at spotting that anomalous behaviour but the advantage often still lies with the attackers.

Many companies employ ethical hackers to test their security systems and properly encrypting customer data helps ensure any stolen information is useless to attackers, or expensive to sell.

TalkTalk will have questions to answer if it emerges that hackers were able to steal unencrypted customer information.

 

The term 'augmented reality' is credited to Tom Caudell in 1990.  He was a research mechanic at aircraft manufacturer Boeing, where he used the term ‘augmented reality’ to refer to a head-mounted digital display worn by aircraft technicians to guide them in the assembly of electrical wires in aircraft.

Today, the fundamental idea remains much the same - "the interaction of superimposed graphics, audio and other sense enhancements over a real-world environment that’s displayed in real-time".

In looking to better understand AR it is important not to confuse it with Virtual Reality (VR) - where the primary goal is to replace the real world with a simulated one.

In 2014, I was introduced to AR by ..... at the State of Play at Dublin Institute of Technology. Some months later he approached us at AbydosGAMETECH to help insert 'surround sound' into their ......

More recently, AR came up in discussions with colleagues of mine, David Grainger of 'BeatStressSimply' and Tom Keane of Retail Anywhere, who are actively considering inserting AR into their respective apps.

 

AR can refer to technologies which have existed for years.

Take for instance sports telecasting where you see colored lines drawn against real-time gameplay for say, a rugby or soccer match. These lines may be used to indicate the offside boundaries in which the players must not cross or to show the movements of the ball or players. AR is not to be (commonly) confused with Virtual Reality (VR), where the primary goal is to replace the real world with a simulated one.

We often take such existing technology for granted because they are so prevalent and commonplace that we don’t associate them with what we normally assume as ‘high-tech’ AR.

Think Your Business is Too Small to Hack? Think Again.

 

Hackers are targeting the big boys (Target, Sony, Anthem), but small business owners should be cautious, too. You're not too small to be hacked. When it comes to Internet security, customers expect the same protections from you that they expect from the giants. If you have a website, send email to your clients or store customer information online (and you're lax in your security practices), you could be exposing your customers to threats.

What to do? Put a privacy policy in place, so customers know what information you collect and how you use it. Then follow the policy. Know what information you have about your customers and delete what you don't need. And follow these best practices, from StaySafeOnline.org:

  • Fully protect your own computer systems and keep software, browsers and operating systems current.
  • Scan everything you attach to the network.
  • Keep hackers out with a good firewall.
  • Filter for spam.
  • Train employees to be vigilant.

Invest in and practice strong security measures now, so you don't have to do it after a breach.


 

Simply wiring schools or neighbourhood organisations to the Internet does not guarantee that effective use of ICT will occur. For many, computers and the Internet represent, metaphorically and actually, a foreign language that they do not speak or understand. There are many who have documented many of the non-technical barriers to using the Internet effectively in schools, including mismatches in schedules, goals, and norms.

These problems result from a failure to understand the Internet and the conditions under which it is most effectively used for learning. Today, many students with a learning difficulty lack experience not only in technically-based skills but also in information handling and in effective independent learning. For these students a range of skills needs to be taught, including self-monitoring and time management, before computers and the Internet become intelligible.

IBM's got its head in the cloud as it chases data market

IBM is introducing new storage software as the company tries to boost sales for higher-margin technology products.

The company's new portfolio, called IBM Spectrum Storage, lets customers use a single dashboard to manage massive amounts of information across existing storage infrastructure, including data centres and the cloud.

IBM also has pledged to spend about $200m a year in the next five years on developing new storage offerings, the company said in a statement.

IBM chief executive Ginni Rometty has been trying to entice customers with new products, such as software-defining storage, to help reverse falling sales.

After 11 quarters of declining revenue, she's still trying to find growth from higher margin software and services delivered online via the cloud. "We are investing in things that can be growth potential for us," Tom Rosamilla, senior vice president of IBM Systems, said in an interview on Bloomberg Television.

"I actually have to prove it, but we're in a good place." Customers who increasingly rent cloud-computing capacity have cut back on purchasing their own large machines to store data.

Meanwhile, IBM and competitors like EMC have sought to sell more storage tools.  IBM stopped buying and reselling storage systems from NetApp last year, instead encouraging customers to buy its own products, according to an internal memo reviewed by Bloomberg in May.

Sales from storage systems have fallen for the past three years, taking a 12pc tumble in 2014 from a year earlier.

The hardware division carries a gross profit margin of 39.5% compared to the software unit's 88.6pc. The new Spectrum Storage offerings, sales of which will be reported for IBM's software division, will run on storage hardware to help make managing data more efficient, according to the statement. (Bloomberg.)

 

 

 

 

EVERYTHING YOU KNOW ABOUT PASSWORDS IS WRONG

WHY "THE FRETFUL PORPENPINE" IS AN EASILY BROKEN PASSWORD, BUT "STEPPED FOREST SQUIRREL" IS NOT.

If you're like most sophisticated Internet aficionados, you probably have a very clear idea of what a good password is, and have had to follow the formula to create one over and over again. And, admit it: You probably have just a handful that you re-use across all the websites you visit.

You can recite "good" password rules by heart: eight or more characters comprising a mix of upper- and lower-case letters, numbers, and punctuation, and omitting the use of any words found in dictionaries, including substitutions (such as @ for a in p@ssword or 1 for lowercase l in fai1).

A typical list of "safe password" requirements

You repeat these rules to less-technical friends and family, and hope they are observing the same kinds of care, although you're pretty sure they aren't. As you type a new password (or one of your repertoire) into a website's form field and see a little color bar go from red for a weak password to green for a strong one, you relax a little bit.

You probably also think that you're savvy enough to avoid being phished: mistaking a fake site for a real one and entering your credentials into it. You're attentive to site details, and on sites that offer it, you pick an image that is supposed to jog your memory on your return so you know it's the legitimate site.

"It's a gut feeling when a password has all of these things—uppercase and numbers—how could anyone guess this?" says Markus Jakobsson, an applied security researcher who has written extensively about passwords and studied real user behavior.

Take a deep breath, because most of what you've been told about safe passwords is incorrect. Observing the rules might result in you creating a password that resists typical cracking techniques. But you could also be devising one that could be cracked in not much more time than "password" or "123456". And even if your password is good, the possibility of entering it at a fake site that resembles the one you intended to use is real.

Let's start with the basics.

 

No sensible site stores a password as plain, unencrypted text. For any financial, legal, or medical site, or for sites that process credit cards, it's either illegal or against various regulations or terms of service. Rather, they run it through a one-way algorithm. The algorithm, known as a "hash," performs a series of operations on the password that transform it into an output that can't be reverse engineered.

That is, for any given input, the output will be dramatically different and unpredictable. Using the common (but outdated) SHA-1 hashing method, the password 1234 becomes 7110eda4d09e062aa5e4a390b0a572ac0d2c0220, while 1235 becomes ac1ab23d6288711be64a25bf13432baf1e60b2bd. Knowing the output doesn't help you figure out the original text.

Whenever you log into a site, your password—presumably carried over an encrypted https session—is hashed using whatever algorithm the site employs, and then tested against the version stored in the database.

BRUTE-FORCE METHODS CAN CHURN THROUGH BILLIONS TO HUNDREDS OF BILLIONS OF PASSWORDS PER SECOND.

A cracker who gets ahold of a file of hashed passwords uses brute-force methods to determine what password is associated with which accounts. This starts with using the most commonly used passwords, which are easy to find from previous large-scale attacks and cracks of large databases. It also includes all words found in dictionaries (English and others, depending on the site), and then proceeds to combinations of words.

Shorter passwords using a smaller character set, such as upper- and lower-case letters, can be cracked exponentially faster than ones that draw from the entire range of characters one can type or that are simply longer. Up until a few years ago, crackers built "rainbow tables" containing precomputed hashes using popular algorithms as a way of speeding up cracks against the most frequently chosen passwords. This would seem to indicate that a complicated and uncommon password like Spooning1! would be a great choice, and that the common wisdom about passwords is accurate. But not so.

Brute-force methods using modestly priced computers, which can be souped up with affordable arrays of graphics cards, tapping into the raw computational power of their graphics processors, can churn through billions to hundreds of billions of passwords per second with the SHA-1 algorithm. (New algorithms might only allow tens of thousands to hundreds of thousands of checks, but SHA-1 remains in wide use for reasons of inertia.)

That amount of computational power means that crackers now try the likeliest matches in great quantities. Randomly constructed passwords of 11 or 12 characters that pull from the entire potential character set remain highly resistant to all but the most determined cracking. If you use a password generator and storage program like 1Password or LastPass to create a unique, random password for each site, you're minimizing your risk enormously.

But most people don't. And that's where the trouble lies.
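The storage difference described above, as an added example that is not part of the original article: unsalted SHA-1 beside a salted, deliberately slow derivation. PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for illustration; the article does not name the newer algorithms it mentions.

```python
import hashlib
import hmac
import os
import time

# Assumption: sample work factor for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 200_000


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1: the outdated, fast scheme the article describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Salted, deliberately slow storage record (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)  # unique per account, stored beside the digest
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def cost_ratio(password: str = "Apples1!", sha1_rounds: int = 20_000) -> float:
    """How many SHA-1 computations fit in the time of one PBKDF2 check."""
    start = time.perf_counter()
    for _ in range(sha1_rounds):
        sha1_hex(password)
    sha1_each = (time.perf_counter() - start) / sha1_rounds

    start = time.perf_counter()
    make_record(password)
    slow_each = time.perf_counter() - start
    return slow_each / sha1_each


if __name__ == "__main__":
    # Two constructed accounts that happen to share the password "1234".
    # Unsalted SHA-1 gives both the same stored value, so one precomputed
    # lookup exposes every account that uses it.
    print("sha1:", sha1_hex("1234"))

    first, second = make_record("1234"), make_record("1234")
    print("salted records differ:", first["digest"] != second["digest"])
    print("correct password verifies:", verify("1234", first))
    print("wrong password verifies:", verify("1235", first))
    print(f"one PBKDF2 check costs about {cost_ratio():,.0f} SHA-1 hashes")
```

The ratio printed on the last line is the factor by which the slow derivation cuts an offline guessing rate on the same hardware.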

 

Markus Jakobsson works at the intersection of security and usability, and his concerns center around arbitrary complex password requirements that leave users more exposed to a cracking attempt, even as a site claims that the password is strong and resistant.

In an interview, he notes that our minds aren't built to recollect arbitrary letters, numbers, and punctuation. Rather, we remember stories. When asked to create a password, instead of creating something random, users "take their favorite word or concept and then just massage it into the correct shape." He says, "We don't tell people strange character sequences, and we're not really wired to remember them."

In his research, he finds someone might try to use the word "apples" because they like the fruit, but be told a capital letter is required. The visitor transforms this into "Apples" but then must add a number and punctuation. They pick the easiest course, and it becomes "Apples1!" This has eight characters and the requisite variation, and would pass muster at most signup pages. (Some might flag the use of a dictionary word or repeated letters, however.) Dr. Jakobsson says that of these password-quality indicators, "They measure your likely inability to remember your password."

FASTWORDS TIE TOGETHER STORYTELLING, PASSWORD STRENGTH, AND PROBABILITY.

Crackers check dictionary words first, with substitutions and common extensions like the above. Based on passwords that are uncovered in early rounds of computation, crackers can use Markov chains to predict likely paths to explore, reducing the number of passwords they need to check. In mid-2013, Ars Technica consulted with three cracking experts on a leaked database. The experts were able to determine the passwords in question, with success rates from 60% in one hour to 90% in 20 hours. While the potential number of brute-force password iterations is huge, early results and Markov chains winnow them down.
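An added example, not from the original article or from Dr. Jakobsson's research, of a signup-time check that sees through the "Apples1!" pattern: it undoes the cosmetic changes and sizes the search space that is left. The wordlist, the assumed dictionary size, the guess rate and the substitutions beyond @ and 1 are constructed assumptions.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary
# plus passwords exposed in earlier breaches.
SAMPLE_WORDS = {"apples", "password", "spooning", "fail", "squirrel"}
ASSUMED_DICTIONARY_SIZE = 200_000     # assumption: entries in a full wordlist
GUESSES_PER_SECOND = 10_000_000_000   # assumption: inside the article's SHA-1 range

# The article's substitutions (@ for a, 1 for l) plus three assumed ones.
SUBSTITUTIONS = {"@": "a", "1": "l", "0": "o", "3": "e", "$": "s"}
UNSUBSTITUTE = str.maketrans(SUBSTITUTIONS)
SUFFIX_CHARS = string.digits + string.punctuation  # 42 symbols


def passes_composition_rules(pw: str) -> bool:
    """The classic meter: length 8+, upper, lower, digit and punctuation."""
    return (
        len(pw) >= 8
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def find_base_word(pw: str):
    """Return (word, suffix_len) if pw is a wordlist entry in disguise."""
    core = pw.rstrip(SUFFIX_CHARS)  # drop appended digits and punctuation
    suffix_len = len(pw) - len(core)
    attempts = [
        (core.lower(), suffix_len),
        (core.lower().translate(UNSUBSTITUTE), suffix_len),
        (pw.lower().translate(UNSUBSTITUTE), 0),  # e.g. "fai1" -> "fail"
    ]
    for word, used_suffix in attempts:
        if word in SAMPLE_WORDS:
            return word, used_suffix
    return None


def estimate_guesses(pw: str) -> int:
    """Size of the space a guesser has to cover to reach pw."""
    found = find_base_word(pw)
    if found:
        word, suffix_len = found
        swappable = sum(1 for c in word if c in SUBSTITUTIONS.values())
        return (
            ASSUMED_DICTIONARY_SIZE
            * 2                                  # first letter capitalised or not
            * 2 ** swappable                     # each swappable letter swapped or not
            * len(SUFFIX_CHARS) ** suffix_len    # appended digits/punctuation
        )
    # Not derived from the wordlist. This bound holds only if every character
    # was picked at random; it does not model multi-word phrases.
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += 32 if any(c in string.punctuation for c in pw) else 0
    pool += 1 if " " in pw else 0
    return pool ** len(pw)


def assess(pw: str) -> dict:
    found = find_base_word(pw)
    guesses = estimate_guesses(pw)
    return {
        "passes_rules": passes_composition_rules(pw),
        "base_word": found[0] if found else None,
        "model": "mangled-word" if found else "random-upper-bound",
        "guesses": guesses,
        "seconds": guesses / GUESSES_PER_SECOND,
    }


if __name__ == "__main__":
    # Constructed sample inputs: the article's examples plus one random string.
    for sample in ["Apples1!", "Spooning1!", "p@ssword", "k7#Qz!p2Vw@x"]:
        print(sample, assess(sample))
```

A site would run `assess` next to its composition meter and reject anything whose `model` is `mangled-word`, however green the meter shows.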

Dr. Jakobsson has a very different proposal for a type of password he calls "fastwords," which tie together storytelling, password strength, and probability. Reminiscent of a well-known xkcd comic, he suggests coming up with a story that one distills to a few words: stepping on a squirrel while running, for instance, becomes "running forest squirrel."

Cracking of a phrase over 10 to 12 characters cannot be done effectively through brute force, so crackers would need to try word combinations and other techniques. Thus the improbability of the combination of three words in that order becomes paramount.

 

To determine whether a fastword is as secure as possible, it's important to check its likely occurrence in a large corpus of texts. "The fretful porpentine" appears in Shakespeare, and would likely be found as a result in a modest amount of time. Jakobsson and a co-author in one paper consult Microsoft Research's petabytes of data in its Web N-gram Services, which provides word-combination frequency results. The common phrase, "I love you honey," occurs at a frequency of 2 in 100,000,000 (2 to the -25.8th power), making for a very poor password. But a phrase like "frog work flat"—a story about accidentally squashing a frog on the way to work—is estimated at a rate of 2 to the -49.5th power or roughly 1 in a quintillion odds, a very viable defense against cracking.

The additional advantage of storytelling is resistance to phishing. Many sites employ a mnemonic of having you select an image from a variety of choices or even a word from a list, and ask you to remember that for your next visit. Almost no one does: We don't visit most sites often enough to form an arbitrary association.

In Jakobsson's formulation, an image of the first word in a password could be shown so long as the first word is sufficiently uncommon; if not, another word in the password sequence could be shown instead. That word would serve both as an acknowledgement that you were visiting the legitimate site and as a jog to the memory.

For the short-term, he hopes for a departure from an outdated password regimen less likely to help than harm most users. In the long-term, he believes that a second factor—such as using the fingerprint scanners on phones such as the iPhone 6 and Galaxy S5—will become a strict requirement, rather than an option that is not always even available. By adding a second factor, the ability to perform bulk password cracking disappears, even though individuals will remain at varying degrees of vulnerability for someone with a determined reason to crack a single password.

"If they're going to spend 200 hours to break into your bank account and they find you have $500," it's not worth it, notes Jakobsson. An economic incentive for theft evaporates by making the task so difficult that it's no longer worth the effort—which has close to the same effect as the impossible job of plugging every last technical chink in the armor.