Sunday, 27 April 2014

About using a phrase as a password...

Today I read an article about "wasting user's time".

In this article, the author claims: "A long password phrase is as secure as a short password with numbers and symbols yet easier to remember", showing a screenshot from this website.

This is a very dangerous thing to say.

Using a phrase means you are actually reducing the number of possible combinations, because a phrase will use only known words and follow a known grammar. Phrases are predictable.
The sentence "i love pizza" is said to take 546 years to hack, but I'd argue it's more like two minutes. Most people will feel the need to start their personal passphrase with "I"; they just do. Then they will describe something about themselves, and it will be generic and simple. "I like", "I love", "I think": follow that with any subject you can love, like, hate, or enjoy, and that takes care of most of your "secure phrases".
You still have to incorporate capital letters, etc., to make the words unpredictable, and then you're back where you started: "I L0ve P1zzA!?"
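
The gap between the two ways of counting can be put in numbers. The sketch below is an added example, not code from this post or from the website mentioned above: it scores a password both as a string of random characters and as a "pronoun verb noun" phrase, and keeps the lower figure. The word lists, the noun list size and the guess rate are assumptions made up for illustration.

```python
import string

# Constructed lists; their contents and sizes are assumptions, not measured data.
PRONOUNS = ["i", "we", "you", "my"]
VERBS = ["like", "love", "hate", "enjoy", "think", "want", "need", "eat"]
NOUNS_SAMPLE = {"pizza", "coffee", "music", "summer"}  # stand-in for a real list
NOUN_COUNT = 5000            # assumed size of the full common-noun list
GUESSES_PER_SECOND = 1e9     # assumed offline guessing rate


def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (" ", 1),
        (string.punctuation, 32),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))


def bruteforce_guesses(password):
    """Search space if every character were chosen independently at random."""
    return charset_size(password) ** len(password)


def template_guesses(password):
    """Search space if the password is a lowercase-able pronoun-verb-noun phrase.

    Returns None when the password does not fit the template.
    """
    words = password.lower().split(" ")
    if len(words) != 3:
        return None
    pronoun, verb, noun = words
    if pronoun in PRONOUNS and verb in VERBS and noun in NOUNS_SAMPLE:
        return len(PRONOUNS) * len(VERBS) * NOUN_COUNT
    return None


def estimate_guesses(password):
    """A strength estimate is only as good as the cheapest model that fits."""
    candidates = [bruteforce_guesses(password), template_guesses(password)]
    return min(c for c in candidates if c is not None)


def seconds_to_exhaust(guesses):
    return guesses / GUESSES_PER_SECOND
```

With these assumed numbers, "i love pizza" drops from 27^12 character combinations to 160,000 phrase combinations, while "I L0ve P1zzA!?" no longer fits the phrase template and is scored on characters alone.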