Grammar badness makes cracking harder the long password

MikeMcFarlane Junior Member

There is another awesome article on Ars Technica about creating passphrases:

http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/

Comments

  • MikeT Agile Samurai

    Team Member

    Hi Mike,

    Yep, Ars did a great job writing it up. I believe we're working on a follow-up to it but the key thing is that we believe the same thing applies to your master password and we wrote about it a few years ago in articles like this one and this.

  • MikeMcFarlane Junior Member

    Hi

    Between Ars and the AgileBits blog I normally feel I am keeping my security processes fairly up to date without extreme paranoia!

    My grammar is pretty bad anyway, but I gave up on trying to generate my own passphrases a while ago and use Diceware, but sometimes I get caught out without access to Diceware so the article is useful for helping to think up better passphrases.

    I'll look forward to your article.

    Mike

  • MikeT Agile Samurai

    Team Member
    edited February 2013

    Hi Mike,

    I'm glad to hear we're in your top twos.

    sometimes I get caught out without access to Diceware

    Wait, you don't have 1Password on your iOS device surgically attached with an extension cord to your hip all the time like us? I guess we're not normal folks then. :)

  • jpgoldberg Agile Customer Care

    Team Member

    The simple message is that people are terrible at being random even when they are trying to be random. If you ask people to pick an item at random from a list of 5 things, you will get a disproportionate number of picks of the second and fourth items. (Psychics use that trick.) If you ask people to pick a random number between 1 and 100, the results have a strong tendency to be (pseudo)-prime, or at least odd.

    So even if you are stuck without access to the Diceware lists, try to find some way to (externally) randomize the password selection process.

    I really should have gotten this article out earlier, but I've been doing a lot of math on this also on our Strong Password Generator, which I'll probably have to cut from the article anyway.

    Cheers,

    -j

This discussion has been closed.
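
The external randomization discussed in the thread, sketched as an added example (not code from the posters, Ars Technica or AgileBits): physical dice rolls are mapped to words Diceware-style, with the OS CSPRNG standing in when no dice are at hand. The 36-word list and all function names are constructed for this example; real Diceware lists have 7776 entries and use five dice per word.

```python
import math
import secrets

# Constructed 36-word list (6**2 entries, two dice per word) so the example
# runs offline. A real Diceware list has 6**5 = 7776 entries.
WORDS = ("acid bake calm dune echo fern glow hush iris jolt kelp lamp "
         "mint nook oath pear quay rust silk tide urn veil wasp yarn "
         "zest amber birch cedar delta ember flint grove heron ivory jade knot").split()

def dice_per_word(wordlist):
    """Dice needed to index the list; its size must be an exact power of 6."""
    k, size = 0, 1
    while size < len(wordlist):
        size, k = size * 6, k + 1
    if k == 0 or size != len(wordlist):
        raise ValueError("word list size must be 6**k with k >= 1")
    return k

def words_from_rolls(rolls, wordlist=WORDS):
    """Map a string of dice rolls (digits 1-6, spaces ignored) to words."""
    k = dice_per_word(wordlist)
    rolls = "".join(rolls.split())
    if not rolls or len(rolls) % k or any(c not in "123456" for c in rolls):
        raise ValueError(f"need a multiple of {k} rolls, each 1-6")
    words = []
    for i in range(0, len(rolls), k):
        index = 0
        for c in rolls[i:i + k]:          # read the group as a base-6 number
            index = index * 6 + (int(c) - 1)
        words.append(wordlist[index])
    return words

def csprng_rolls(n_words, wordlist=WORDS):
    """Simulate the dice with the OS CSPRNG instead of a human 'random' pick."""
    k = dice_per_word(wordlist)
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_words * k))

def entropy_bits(n_words, wordlist=WORDS):
    """Entropy of n words, valid only if each is chosen uniformly at random."""
    return n_words * math.log2(len(wordlist))

if __name__ == "__main__":
    print(words_from_rolls("11 66 23"))              # rolls from real dice
    print(" ".join(words_from_rolls(csprng_rolls(6))))
    print(f"{entropy_bits(5, range(7776)):.1f} bits for 5 words from a 7776-word list")
```

The entropy figure holds only because the selection is uniform; a phrase the user composes by hand from the same list does not earn it.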