Password Safety & Security: Passwords vs. Passphrases

May 5th 2022 is World Password Day and F5 Labs want to celebrate it!

By now I think everyone in IT has seen the excellent XKCD comic on passphrases. Passphrases are easier to remember, longer, and, therefore, more secure than passwords. Right?

XKCD comic on passphrasesSource: https://xkcd.com/936/

The logic seems sound, but does the math hold up? Are passphrases really more than passwords? Excited to find out if correct horse battery staple is really that secure?

Read the article on F5 Labs to find out, then come back here to share the best and worst advice you've heard for creating strong passwords:

https://www.f5.com/labs/articles/cisotociso/password-safety-security-best-practices-passwords-vs-passphrases

Published May 03, 2022

Version 1.0

Security

warburtr0n

Employee

Joined October 02, 2012

View Profile

JRahm
Admin
May 05, 2022
the best password is no password at all...am I doing this right? 🙂
shsingh
Employee
May 05, 2022
Perhaps it's a moot point... no matter how unbreakable your password, you are likely to change it is a site is breached and credentials stolen - regardless of whether the attacker was able to crack your password over the list.

So to make that something tangible, are we protecting a password against a targeted credential attack (i.e. someone specifically wants MY details), or from large scale breaches (in which case you are more likely to change regardless of password/passphrase strength).

If it is the latter, then we get into areas of "did I know a site I frequent was breached"... etc which password managers typically do a good job of keeping track of.
Gurmar
Nimbostratus
May 18, 2022
Thank you for the information

Password Safety & Security: Passwords vs. Passphrases

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS