Grammar badness makes cracking harder the long password

MikeMcFarlane
Community Member

There is another awesome article on Ars Technica about creating passphrases:

http://arstechnica.com/security/2013/01/grammar-badness-makes-cracking-harder-the-long-password/

Comments

  • Hi Mike,

    Yep, Ars did a great job writing it up. I believe we're working on a follow-up to it but the key thing is that we believe the same thing applies to your master password and we wrote about it a few years ago in articles like this one and this.

  • MikeMcFarlane
    Community Member

    Hi

    Between Ars and the AgileBits blog I normally feel I am keeping my security processes fairly up to date without extreme paranoia!

    My grammar is pretty bad anyway, but I gave up on trying to generate my own passphrases a while ago and use Diceware, but sometimes I get caught out without access to Diceware so the article is useful for helping to think up better passphrases.

    I'll look forward to your article.

    Mike

  • MikeT
    edited February 2013

    Hi Mike,

    I'm glad to hear we're in your top twos.

    "sometimes I get caught out without access to Diceware"

    Wait, you don't have 1Password on your iOS device surgically attached with an extension cord to your hip all the time like us? I guess we're not normal folks then. :)

  • jpgoldberg
    1Password Alumni

    The simple message is that people are terrible at being random even when they are trying to be random. If you ask people to pick an item at random from a list of 5 things, you will get a disproportionate number of picks of the second and fourth items. (Psychics use that trick.) If you ask people to pick a random number between 1 and 100, the results have a strong tendency to be (pseudo)-prime, or at least odd.

    So even if you are stuck without access to the Diceware lists, try to find some way to (externally) randomize the password selection process.

    I really should have gotten this article out earlier, but I've been doing a lot of math on this also on our Strong Password Generator, which I'll probably have to cut from the article anyway.

    Cheers,

    -j
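
An added illustration of the advice in the last comment, not part of the original thread and not 1Password or Diceware code: it turns an external source of randomness (six-sided dice) into unbiased word picks from a list of any length, using rejection sampling, and reports the resulting entropy. The word list is constructed sample data and all function names are hypothetical.

```python
import math
import secrets

# Constructed sample list; any list of distinct words you have at hand works.
WORDS = ["anchor", "bishop", "cactus", "dollar", "ember",
         "fossil", "glider", "hammer", "island", "jacket"]

def rolls_needed(n_words):
    """Smallest number of six-sided dice whose outcomes cover n_words."""
    k = 1
    while 6 ** k < n_words:
        k += 1
    return k

def pick_index(rolls, n_words):
    """Map one group of dice rolls (1-6) to a uniform index, or None to re-roll."""
    if len(rolls) != rolls_needed(n_words) or any(r not in range(1, 7) for r in rolls):
        raise ValueError("wrong number of rolls or a roll outside 1-6")
    value = 0
    for r in rolls:                      # read the rolls as a base-6 number
        value = value * 6 + (r - 1)
    # Rejection sampling: values past the last full multiple of n_words would
    # favour the low indices, so they are discarded instead of wrapped around.
    limit = (6 ** len(rolls) // n_words) * n_words
    return value % n_words if value < limit else None

def passphrase(words, count, roll=lambda: secrets.randbelow(6) + 1):
    """Build a passphrase; `roll` stands in for physical dice (CSPRNG by default)."""
    words = sorted(set(words))
    k = rolls_needed(len(words))
    chosen = []
    while len(chosen) < count:
        idx = pick_index([roll() for _ in range(k)], len(words))
        if idx is not None:
            chosen.append(words[idx])
    return " ".join(chosen)

def entropy_bits(n_words, count):
    """Entropy of `count` independent uniform picks from n_words words."""
    return count * math.log2(n_words)

if __name__ == "__main__":
    print(passphrase(WORDS, 4), f"({entropy_bits(len(WORDS), 4):.1f} bits)")
```

With a 7,776-word list, five words picked this way carry about 64.6 bits; the ten-word sample list gives only about 3.3 bits per word, so the size of the list matters.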

This discussion has been closed.