• @Sanctus@lemmy.world
    11
    4 months ago

    Some millionaire in my office: “Hey, Sanctus, what’s my password for my computer again?”

    Me, who can barely afford to fix my car: fights the urge to use a letter opener as a weapon

        • @mitchty@lemmy.sdf.org
          14 months ago

          Depends: if you treat the individual letters, sure, but if you look at the words as the atom of information, most password crackers wouldn’t take long.

          • @pez@lemmy.world
            14 months ago

            There are ~100 symbols on the US keyboard, many not permitted in a lot of online passwords (stupidly).

            There are 11 words in the “passphrase”. Fight, letter, open, urge, weapon are not in the 100 most common English words. Urge is not in the 1000 most common English words (let alone fights vs fight, or opener vs open).

            I think it would be a fairly strong password. You can reduce the entropy a bit by predicting likely next words in a sequence, but that would be defeated by adding some non sequitur(s). “fights the urge to use a letter opener as a scooter” or something.

            Capitalization, intentional typos, spaces or not, ending punctuation? There are for sure ways to improve it as a password while still keeping the easy to remember, easy to type aspect. Overall it’s a great strategy to teach people for making passwords.
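
The two ways of counting discussed in the comments above (characters as the unit versus words as the unit), worked through for the phrase from the thread. This is an added example, not part of any comment; the wordlist sizes and the guess rate are assumptions, and both figures are upper bounds because they treat every character or word as an independent, uniform pick, which a natural sentence is not.

```python
import math

# Phrase quoted in the thread. Everything else below is an assumption of this example.
PHRASE = "fights the urge to use a letter opener as a weapon"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def char_bits(phrase, alphabet=100):
    """Search space in bits if each character is one of `alphabet` symbols
    (the ~100 keyboard symbols mentioned in the thread)."""
    return len(phrase) * math.log2(alphabet)

def word_bits(phrase, wordlist_size):
    """Search space in bits if each word is drawn from a wordlist of
    `wordlist_size` entries. Only meaningful if the list contains every word."""
    return len(phrase.split()) * math.log2(wordlist_size)

def years_to_exhaust(bits, guesses_per_sec=1e10):
    """Time to try the whole space at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_sec / SECONDS_PER_YEAR

def compare(phrase, wordlist_sizes=(100, 1_000, 10_000)):
    """Return {model name: bits} for the character model and each wordlist size."""
    table = {"per-character": char_bits(phrase)}
    for size in wordlist_sizes:
        table[f"per-word, {size}-word list"] = word_bits(phrase, size)
    return table

if __name__ == "__main__":
    for model, bits in compare(PHRASE).items():
        print(f"{model:28s} {bits:6.1f} bits  {years_to_exhaust(bits):.2e} years")
```

The word-level figure drops sharply compared with the character-level one, yet stays large as long as the wordlist has to be big enough to contain the rarer words; the remaining weakness is word predictability, which this count does not model.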

    • @stupidcasey@lemmy.world
      1
      4 months ago

      I don’t blame anyone for forgetting their password—it’s a dumb system, having to memorize 100 separate 16-digit randomly generated base64 codes that change once a month. However, I do blame them for not using a password manager, and I do blame them for making their problems other people’s problems.

      • @Sanctus@lemmy.world
        14 months ago

        Ours isn’t like that at all. They don’t even have to change it every three months. The insecurity is crazy here and they still can’t remember the same password they’ve had since before I started working here.

        • @Cypher@lemmy.world
          24 months ago

          Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.

          There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned has been highly effective in my experience.