On that “strong password” debate

Seems like XKCD generated a new round of Twitter talk about what a strong password should be. The argument basically boils down to: choose a passphrase instead of a short complex password, as it will be stronger and easier to remember.

This is, in my opinion, incredibly naive.

First of all, the XKCD comic is true only if:

  • everybody creates passwords the exact way that is described
  • a passphrase would be selected using random words

In practice, there are ways to make passwords strong while keeping them short. Write them in Chinese, use accented letters, replace your “e” by “€”, end it with a space. On the other hand, with a “plain” passphrase, you are certain there will be patterns, and statistical approaches to password cracking will be highly successful.

Tr0ub4dor&3 is a MUCH stronger password than “I love <insert name here>”.
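The whole disagreement comes down to which generation model the attacker assumes, so it helps to put numbers on it. The following is an added example, not code from the original post: it estimates the entropy of a password under three models (uniform random words, uniform random characters, and a fixed template with variable slots) and shows that the same string can score very differently depending on how it is assumed to have been produced. The dictionary size, alphabet size, name-list size and guess rate are illustrative assumptions, not measured values.

```python
import math

# Guess rate used for the time estimates below (assumption: offline cracking of a fast hash).
ASSUMED_GUESSES_PER_SECOND = 1e9


def uniform_choice_bits(space_size: int, count: int = 1) -> float:
    """Entropy in bits of `count` independent uniform choices among `space_size` options."""
    if space_size < 1 or count < 0:
        raise ValueError("space_size must be >= 1 and count >= 0")
    return count * math.log2(space_size)


def random_words_bits(dictionary_size: int, words: int) -> float:
    """Passphrase made of `words` words drawn uniformly from a dictionary (the XKCD model)."""
    return uniform_choice_bits(dictionary_size, words)


def random_charset_bits(alphabet_size: int, length: int) -> float:
    """Password of `length` characters drawn uniformly from an alphabet of `alphabet_size`."""
    return uniform_choice_bits(alphabet_size, length)


def templated_bits(slot_sizes: list[int]) -> float:
    """Phrase built from a fixed template (e.g. 'I love <name>').

    Once the attacker knows the pattern, only the variable slots contribute entropy;
    the fixed words add nothing.
    """
    return sum(math.log2(size) for size in slot_sizes)


def seconds_to_exhaust(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate the whole space at the given guess rate."""
    return (2.0 ** bits) / guesses_per_second


def compare_models() -> dict[str, float]:
    """Entropy estimates for the two candidate styles under different attacker models.

    All slot and space sizes are constructed assumptions for illustration.
    """
    return {
        # Four words chosen uniformly from a 2048-word list: the comic's ideal case.
        "4 random words, 2048-word dictionary": random_words_bits(2048, 4),
        # The same four-word passphrase, but the words are a known sentence pattern:
        # 'I love <name>' with the name drawn from a list of 1000 common names.
        "'I love <name>', 1000 candidate names": templated_bits([1000]),
        # An 11-character password if every character were uniformly random over
        # the 95 printable ASCII characters (no structure assumed).
        "11 uniform printable-ASCII chars": random_charset_bits(95, 11),
        # The same 11 characters if the attacker assumes 'dictionary word + leet
        # substitutions + trailing symbol and digit': word from 50k-word list,
        # 4 capitalisation/substitution variants, 32 symbols, 10 digits (assumed sizes).
        "11 chars under 'word + leet + suffix' model": templated_bits([50_000, 4, 32, 10]),
        # Extending the alphabet with non-ASCII characters (accented letters, '€', CJK)
        # enlarges the per-character space; 200 is an assumed alphabet size.
        "8 chars over a 200-symbol alphabet": random_charset_bits(200, 8),
    }


if __name__ == "__main__":
    for label, bits in compare_models().items():
        print(f"{label:45s} {bits:6.1f} bits, ~{seconds_to_exhaust(bits):.2e} s to exhaust")
```

The lesson the numbers make visible is that entropy is a property of the generation process, not of the string: a four-word phrase is strong only when the words really are drawn at random, and a short password is strong only when the attacker has no better model than uniform characters.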
