Which master password is more secure... 1 lonnnng word or several short words

Options
victrolux
victrolux
Community Member
in Mac

I read the great article about making a good master password.
http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/
But I wonder, which of the following passwords would be more secure, and why?:

password 1: "this is my attempt at a secure password"

password 2: "thisismyattemptatasecurepassword"

thanks

Comments

  • hawkmoth
    hawkmoth
    Community Member
    Options

    I'm reasonably sure that I recall from the article that you have already seen that the spaces add a little bit of entropy to the master password, but not much. And the spaces help with remembering what the password is. I adopted the recommendation to use Diceware to create my master password, complete with an actual die to toss to choose the words. I have left the spaces there. Sometimes I'm tempted to turn the spaces into a symbol, but I haven't done so. If you enter your password on a keyboard in a place where you might be overheard, it might be of some significance that the spacebar sounds different from the other keys.

  • JimH
    JimH
    Community Member
    Options

    Got to be careful with symbols when in foreign countries as ones we use use may be difficult to access abroad

  • hawkmoth
    hawkmoth
    Community Member
    Options

    @JimH - interesting comment. Would there be symbols that would be readily accessible in every language? There would need to be enough of them so that using them wouldn't make it easier to crack your master password.

  • [Deleted User]
    [Deleted User]
    Community Member
    edited April 2014
    Options

    Diceware is the ****. I also use it with spaces, and simply assume that any attacker knows I'm using Diceware words with spaces. Still secure.

    Don't use a sentence as a passphrase. It is not random.

  • Jasper
    Jasper
    edited April 2014
    Options

    You can make things easier to type and remember by using spaces, though it adds little to the actual security.

    This is also mentioned in Towards Better Master Passwords:

    Use spaces to make things easier for you

    1Password master passwords can include spaces. So you can make things easier to type and remember by using spaces (even though it adds little to the actual security). So our first improvement will be to change this to I have 2 dogs: Molly & Patty

  • benfdc
    benfdc
    Community Member
    edited April 2014
    Options

    Reinhold advises against using spaces on the ground that the small reduction in entropy is outweighed by the improved resistance to sideband attacks (spaces affect the sound and rhythm of your typing). There is also the practical consideration that many websites and Wi-Fi routers do not allow spaces.

    The latter is a pet peeve of mine. Refusal to allow spaces in a WPA key violates the spec, so I don't know how those routers get certified by the Wi-Fi Alliance.

This discussion has been closed.