Nowadays, most people use password managers (hopefully). However, there are still some passwords that you need to memorize, like master password (for a password manager), phone lock, wifi password, etc.

Security wise, can passphrase reach the strength of a good password without getting so long that it defeats the purpose of even using it?

  • sylver_dragon
    link
    English
    79 months ago

    That’s basically a Diceware passphrase. And, it’s kinda ok. The amount of entropy is pretty significant (close to what the comic lists, if the Wikipedia article has it right). And it’s really easy to add more entropy. I often recommend passphrases to my users (I work in Cybersecurity) and use them myself. Take a sentence, with spaces, capitals and punctuation. Now throw in a few numbers for fun and stop worrying about brute force attacks, until some idiot decides unsalted MD5 is perfectly fine for storing passwords. Most such passphrases will blow right past the 4 words in that comic and are very easy to remember. Even better, make that the passphrase for your password vault (oh look a plug for KeePass). Then have the rest of your passwords all be unique, 20 character jumbles of letters, numbers, and special characters.

    Also, enable Two-Factor Authentication (2FA) wherever possible. Even if it’s just a One Time Password (OTP) sent via SMS (which is a shit way to do 2FA), that’s better than no 2FA.