On Tue, Apr 15, 2014 at 8:27 PM, Pau Giner <pginer(a)wikimedia.org> wrote:
I think it would be better to encourage the use of passphrases instead:
An interesting article about making usable and secure passwords
<http://www.baekdal.com/insights/password-security-usability>… that
passwords based on sentences with 3 or more words such as *"this is fun"*
are ten times more secure than cryptic combinations of numbers and letters
such as *"J4fS<2"* (there is also an xkcd version of the same idea
<http://xkcd.com/936/>).

An interesting approach is password haystack[1].
From the web site:
"Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the
fact that the first password is HUGELY easier to use and more memorable, it
is also the stronger of the two! In fact, since it is one character longer
and contains uppercase, lowercase, a number and special characters, that
first password would take an attacker approximately 95 times longer to find
by searching than the second impossible-to-remember-or-type password!"
Željko
--
1: https://www.grc.com/haystack.htm
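
The search-space arithmetic behind the haystack comparison quoted above, as an added example that is not part of the original message or of the GRC page. It assumes a pure brute-force search over printable ASCII split into four classes (26 + 26 + 10 + 33 = 95) that tries every shorter length first; the function names are hypothetical.

```python
import string

# Assumed character classes for the brute-force model (printable ASCII, 95 total).
# Characters outside these classes are ignored by this sketch.
CLASSES = {
    "lower": set(string.ascii_lowercase),       # 26
    "upper": set(string.ascii_uppercase),       # 26
    "digit": set(string.digits),                # 10
    "symbol": set(string.punctuation + " "),    # 32 punctuation marks + space = 33
}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(
        len(members)
        for members in CLASSES.values()
        if any(ch in members for ch in password)
    )


def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    depth = alphabet_size(password)
    return sum(depth ** n for n in range(1, len(password) + 1))


def times_longer(a, b):
    """How many times larger the exhaustive search for a is than for b."""
    return search_space(a) / search_space(b)


# The two passwords from the quote. The padded one is rebuilt as "D0g" plus
# 21 dots (24 characters), matching the quote's "one character longer".
PADDED = "D0g" + "." * 21
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"

if __name__ == "__main__":
    for pw in (PADDED, RANDOM):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"search space {search_space(pw):.3e}")
    print(f"ratio: {times_longer(PADDED, RANDOM):.2f}")
```

The ratio comes entirely from the extra character, because both passwords draw from the same 95-symbol alphabet; the model says nothing about guessers that try patterns instead of enumerating every string.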