Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
They want you to use "Tr0ub4dor&3" instead of "correct horse battery staple". They probably have no clue about how password security works. Not giving you the required quantities doesn't actually increase the perceived level of incompetence much further...
-
@iiii Yes. You obviously should use an autogenerated password stored in a password manager. And for that, every site forcing their own rules also sucks real hard.
The word list scheme actually is for the passwords, you have to rememeber yourself (BIOS/OS login, FS encryption and the main password manager database). And for them, XKCD is right about the math and ease to rememeber (assuming randomly chosen words as stated in the comic) despite having choosen very nice examples for both schemes: https://xkcd.com/936/
You could argue for longer word lists (if the key stretching algorithm of the password manager or FS encryption is weak). But phrases actually are the best brain-based solution in that cases - everything else is harder to rememeber when generated randomly. -
iiii92442y@Oktokolo they are wrong in math for one thing: if it is known that the password is using a word combination, then the entropy falls down dramatically, because instead of every symbol being a separate piece, now only every word is, while the symbols are corellated
Just knowing that you're using such password makes is immensely weaker for bruteforce. -
@iiii That has already been accounted for. The comic assumes that the password generation scheme is known.
Perfect.
devrant