Passwords: length over arbitrary rules

Here is a nice post on the perils of arbitrary password rules. I’m grabbing the images from my Pocket archive.

w704

Abcd1234 fails because it’s already in a dictionary.

w704chilidog

The key is that passphrases need to be random. For that, there’s diceware, or you can hire a young woman to do it for you. I have an emacs function that generates passphrases from text buffers. I suggest something big from Project Gutenberg. https://howsecureismypassword.net/ checks against a frequently cracked password list.

Advertisements