Pass-phrases not Passwords

Everybody has been told about the importance of using a strong password. Now most people probably took their previously weak password (e.g. "fluffy") and just capitalized the first letter and threw on a number to make it a "strong" password. But how strong is "Fluffy1" compared to "fluffy"?

With the major advancements of the past few years, even a long (by most people's standards) password of 8-9 characters can be brute-force cracked by a computer in only a couple of days.

What we have started recommending to people is the use of a pass-phrase instead of passwords. If your password is "my cat's name is fluffy", that's significantly stronger than "Fluffy1" (23 characters vs. 7 characters).

I found a comic online today that does a good job illustrating this, albeit to more of a geek audience.

http://xkcd.com/936/

The gist of the comic: Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
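To put numbers on the "Fluffy1" versus "fluffy" question, the sketch below (an added example, not part of the original post) estimates the search space under two guessing models: character-by-character brute force, and "dictionary word plus the usual tweaks". The guess rate and the 100,000-word dictionary size are assumptions chosen for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e10   # assumed attacker speed, not a figure from the post
DICTIONARY_WORDS = 100_000  # assumed size of a common-word/pet-name list

def charset_size(password):
    """Smallest character pool a brute-force search must cover."""
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    size = sum(len(p) for p in pools if any(c in p for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # space plus the 32 ASCII punctuation characters
    return size

def brute_force_bits(password):
    """log2 of all candidates of this length over that pool.
    Character-level model only: a natural-language phrase is weaker
    than this figure against word-based guessing."""
    return len(password) * math.log2(charset_size(password))

def mangled_word_bits(words=DICTIONARY_WORDS):
    """Search space for 'dictionary word, maybe capitalised, maybe one digit'."""
    guesses = words * 2 * 11  # lower/upper first letter; no digit or 0-9
    return math.log2(guesses)

def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate in a 2**bits search space."""
    return 2 ** bits / rate

def compare(passwords):
    """Map each password to its brute-force bits, rounded to one decimal."""
    return {pw: round(brute_force_bits(pw), 1) for pw in passwords}

if __name__ == "__main__":
    for pw, bits in compare(["fluffy", "Fluffy1",
                             "my cat's name is fluffy"]).items():
        print(f"{pw!r}: {bits} bits, {seconds_to_exhaust(bits):.3g} s")
    tweak = mangled_word_bits()
    print(f"word + tweaks: {tweak:.1f} bits, {seconds_to_exhaust(tweak):.3g} s")
```

Against brute force, "Fluffy1" looks far better than "fluffy", but a guesser that tries dictionary words with a capital letter and a trailing digit faces a smaller search space than brute-forcing plain "fluffy"; length is what moves the pass-phrase out of reach of the character-level search.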

