Passwords: length over arbitrary rules

Here is a nice post on the perils of arbitrary password rules. I’m grabbing the images from my Pocket archive.


Abcd1234 fails because it’s already in a dictionary.


The key is that passphrases need to be random. For that, there’s diceware, or you can hire a young woman to do it for you. I have an emacs function that generates passphrases from text buffers. I suggest something big from Project Gutenberg. checks against a frequently cracked password list.