-- October 1, 2012 1:42 PM

If you really, really, really have to link from the bowels of the devil, please use a direct link to the jpg..

makony October 1, 2012 2:27 PM

Not cool.

Clicking on the link with a mobile phone takes me to a login page at

curtmack October 1, 2012 2:29 PM


12 alphanumerics? That’s only 72 bits man. Hashcat could crack that in a mere 67,392 years.

So weak.

curtmack October 1, 2012 3:03 PM

This of course assumes that you could feed it the 80 zettabyte dictionary file; even if you generated it as a CLI stream I’m not sure if hashcat would take kindly to being given a dictionary that large.

boog October 1, 2012 3:42 PM


Why is there an eye in the bush in the top right?

Obviously the bush is eavesdropping, waiting to see the pet’s name the moment the word balloon appears containing it.

biz October 1, 2012 4:31 PM


Bizarro usually have a lot of these unrelated objects like an eye, alien, fish, bird and so on. This cartoon had only one, which is a bit uncommon.

Ryan Ries October 1, 2012 6:46 PM

I hate hate hate security questions. I would bet that a large portion of the answers to security questions are known to most of the subject’s friends, family and loved ones. (And disgruntled exes.) Which totally defeats the strongest of passwords, even if you changed your password daily. Everyone you’ve ever known can reset your password for you as long as they know your mother’s maiden name!

Any system that asks me for a security question when I’m setting up an account, I simply answer it with a long string of gibberish that even I don’t remember.

itgrrl October 1, 2012 11:43 PM

@Ryan: I use a very simple technique to make my answers to security questions less guessable – simply choose an answer from a different set of answers than that presumed by the question.

Challenge: What is your favourite colour?
Response: Mt Vesuvius.

Challenge: First car you owned?
Response: Octopus.


Fred P October 2, 2012 8:55 AM

@itgrrl – I tried that, but as a sentence “The cutest Octopus I ever met <3” – the problem is that I quickly ran into character limits (your car model must be less than 12 character long!).

As such, I devolved to Ryan Ries’s approach. In most cases, my answers to security questions are likely stronger than the passwords themselves.

Anonymous Coward October 2, 2012 9:42 AM

I try to answer the questions that would be easy to get wrong if you just researched my life.

For example (not true for me), if I have a biological father that is not my legal father on my birth certificate I could use information about him to answer father questions.

Jeff H October 2, 2012 10:09 AM

It says “Pet Parking Eunuch Humping Loaf” above the comic. I thought this was part of the joke as it looks like an XKCD-style password. It turns out that each word is associated with each of the comics in the post… which is far less funny.

Fred P October 2, 2012 11:15 AM

Apparently, part of my comment was de-fanged; no ASCII heart for me.

The omitted portion mostly describes hitting a character limit for a sentence, which forced my into the random/arbitrary password a la Ries.

Dan October 6, 2012 3:33 PM

I thought I was clever in entering gibberish answers for security questions until the time I called the phone company for service:

“And for security, what’s your mother’s… wait, that can’t be right, we’ll just skip that. How can I help you?”

Jonadab October 9, 2012 5:00 PM

“This is my dog BNuTb2h8LjDr.”‘
12 alphanumerics? That’s only 72 bits man.

Actually, there’s significantly less than 72 bits of entropy there. It alternates much too regularly between the three character subsets (with no sequence being more than two characters long). Also, the letter selection is very heavily biased toward the middle of the keyboard (assuming a QWERTY layout). A quick back-of-the-envelope estimate suggests it may have somewhere between 45 and 50 bits of entropy.

Which is still much better than the average security question answer, granted.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.