Password Safety & Security: Passwords vs. Passphrases

warburtr0n · ‎05-May-2022

May 5th 2022 is World Password Day and F5 Labs want to celebrate it!

By now I think everyone in IT has seen the excellent XKCD comic on passphrases. Passphrases are easier to remember, longer, and, therefore, more secure than passwords. Right?

XKCD comic on passphrasesSource: https://xkcd.com/936/

The logic seems sound, but does the math hold up? Are passphrases really more than passwords? Excited to find out if correct horse battery staple is really that secure?

Read the article on F5 Labs to find out, then come back here to share the best and worst advice you've heard for creating strong passwords:

https://www.f5.com/labs/articles/cisotociso/password-safety-security-best-practices-passwords-vs-pas...

JRahm · ‎05-May-2022

the best password is no password at all...am I doing this right? 🙂

shsingh · ‎05-May-2022

Perhaps it's a moot point... no matter how unbreakable your password, you are likely to change it is a site is breached and credentials stolen - regardless of whether the attacker was able to crack your password over the list.

So to make that something tangible, are we protecting a password against a targeted credential attack (i.e. someone specifically wants MY details), or from large scale breaches (in which case you are more likely to change regardless of password/passphrase strength).

If it is the latter, then we get into areas of "did I know a site I frequent was breached"... etc which password managers typically do a good job of keeping track of.

Gurmar · ‎17-May-2022

Thank you for the information

DevCentral

Password Safety & Security: Passwords vs. Passphrases