The FBI now says pass phrases are more secure than passwords with extended special characters.

dbartholomew
dbartholomew
Community Member

Can 1Password offer an option for the password generator to use phrases as an option?

This article suggests it is a more secure and useful alternative.

https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Support pass phrases

Comments

  • XIII
    XIII
    Community Member

    Why phrases?

    Since 1Password does the “remembering” for you, the password does not have to be rememberable; just long.

    Or do you have some specific use cases?

    For those you could use a word based password. It might be a bit harder to remember than a phrase, but it’s also more secure (because more random).

  • DanielP
    DanielP
    1Password Alumni

    @dbartholomew:

    From a technical point of view, this comes down to the notion of password entropy. The idea is that the password complexity is dominated by password length more than by the pool of characters you can pick from. So from a password strength point of view, a longer password is typically harder to crack than a shorter one, even if the latter uses numbers and symbols.

    But if you add the human aspect to the equation, word-based passwords are way better than random combinations of characters: they are more memorable and they are easier to type. If you force your users to type complex passwords with numbers and symbols, what is naturally going to happen is that they will find ways to work around what they just see as an obstacle.

    Using a password manager sort of removes the usability problem in a way, since you never have to type these passwords, but it is still worth using word-based password for the additional length and entropy.

    This is why we recommend using this methodology to create a Master Password that is both secure and memorable.

    ===
    Daniel
    1Password Security Team

This discussion has been closed.