What is safest, password or passphrase?

The_MjW
Community Member

I always use 20+ character passwords with a combo of lowercase, uppercase, special characters and symbols, generated with 1Password.

I feel safe, to say the least. The only downside is when I have to manually type a password into a device that doesn't support a 1Password plugin or a way to copy and paste, e.g. PlayStation.
In that case trying to type a password can take up to a couple minutes if I get it wrong once or twice.

I read this recent article
http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

Does this mean that I'd be as safe using a long passphrase instead of a long password?

Like this:
reward_thumb_ezekiel

Instead of this:
ba2gvJgB9ui*H^K667Vt

Comments

  • AGAlumB
    1Password Alumni
    edited August 2017

    @The_MjW: Assuming both were randomly generated by 1Password, the latter is going to be a stronger password because it has higher entropy. Word-based passwords are great, especially for cases where they must be manually entered or spoken, and 4 words or more are sufficient for most uses. However, the entropy of a word-based password is calculated by the number of words multiplied by the number of possibilities for each word; whereas a character-based password is calculated per-character. So ultimately you need to take into account what your options are and weigh them based on use and threat model.

    Personally, I don't view a gaming ID like PSN or Live as a high-value target, so I don't feel a need to use the absolute strongest, character-based password for those. But that's a calculation we each have to do for ourselves. For example, if I were a Twitch personality and my livelihood could be affected by one of my gaming IDs being compromised, then I'd have to reconsider.

    And whatever you do, don't make up passwords yourself, as those will always be considerably easier to guess than something random.

    Peripherally, I read a similar article yesterday about this, and I'm hopeful that the word gets out and websites stop having ridiculous password limitations so we can use truly random passwords without having to modify them to add or remove certain characters. Fingers crossed.

This discussion has been closed.
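
The entropy comparison from the reply above, worked through as an added example (not part of the thread and not 1Password's code). It assumes a 94-character printable-ASCII alphabet and a 7776-word list (the size of a Diceware-style list); neither figure comes from the thread, and the function names are illustrative.

```python
import math
import secrets
import string

# Assumptions (not from the thread): substitute your generator's real values.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
ASSUMED_WORDLIST_SIZE = 7776  # Diceware-style list size


def entropy_bits(units, choices_per_unit):
    """Entropy of `units` independent, uniform picks from `choices_per_unit` options."""
    if units < 1 or choices_per_unit < 2:
        raise ValueError("need at least 1 unit and 2 choices per unit")
    return units * math.log2(choices_per_unit)


def units_needed(target_bits, choices_per_unit):
    """Smallest number of picks whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(choices_per_unit))


def generate_password(length, alphabet=ALPHABET):
    # secrets uses the OS CSPRNG; the entropy figure only holds for random picks.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words, wordlist, sep="_"):
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates; entropy would be overstated")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    char_bits = entropy_bits(20, len(ALPHABET))          # 20 random characters
    for n in (3, 4):
        print(f"{n} words: {entropy_bits(n, ASSUMED_WORDLIST_SIZE):.1f} bits")
    print(f"20 chars: {char_bits:.1f} bits")
    print("words needed to match 20 chars:",
          units_needed(char_bits, ASSUMED_WORDLIST_SIZE))
    # Constructed toy wordlist, only to show the output shape; far too small for real use.
    toy = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor"]
    print(generate_password(20), generate_passphrase(4, toy))
```

Under these assumptions a three-word phrase carries about 39 bits, four words about 52 bits, and a 20-character password about 131 bits, so it takes 11 words to match the character-based password.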